CVE-2023-40580

8.1 HIGH

📋 TL;DR

This vulnerability allows malicious websites to access the recovery mnemonic phrase when the Freighter Stellar wallet browser extension is unlocked. It affects users of the Freighter extension who visit compromised or malicious websites while their wallet is unlocked. The vulnerability represents a critical information disclosure risk for cryptocurrency wallet users.

💻 Affected Systems

Products:
  • Freighter Stellar Wallet Chrome Extension
Versions: All versions before 5.3.1
Operating Systems: All operating systems running Chrome browser
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users who have the Freighter extension installed and unlocked while browsing the web.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete loss of all cryptocurrency assets stored in the Freighter wallet as attackers can steal the mnemonic phrase and gain full control over the wallet and funds.

🟠 Likely Case

Attackers create malicious websites that exploit this vulnerability to steal mnemonic phrases from users who visit while their Freighter wallet is unlocked, leading to asset theft.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated, preventing unauthorized access to mnemonic phrases even when visiting malicious websites.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires users to visit a malicious website while Freighter is unlocked, making social engineering a likely component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.1

Vendor Advisory: https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w

Restart Required: No

Instructions:

1. Open Chrome browser.
2. Go to chrome://extensions/.
3. Find Freighter extension.
4. Click 'Update' or manually update to version 5.3.1 or later.
5. Ensure the extension shows version 5.3.1 or higher.

🔧 Temporary Workarounds

Lock Freighter When Not Actively Using

all

Manually lock the Freighter wallet extension when not actively performing transactions to prevent exploitation.

Click Freighter extension icon, select 'Lock' option

Disable Extension Temporarily

all

Temporarily disable the Freighter extension until patched to eliminate the attack surface.

chrome://extensions/ → Toggle Freighter extension to 'Off'

🧯 If You Can't Patch

  • Disable the Freighter extension completely until patching is possible
  • Use Freighter only in a dedicated browser profile with no web browsing activity

🔍 How to Verify

Check if Vulnerable:

Check Freighter extension version in Chrome: chrome://extensions/ → Find Freighter → Check version number

Check Version:

chrome://extensions/

Verify Fix Applied:

Confirm extension version is 5.3.1 or higher in chrome://extensions/
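The manual version check above can be run across every profile on a machine. The script below is an added example, not code from the Freighter project. It assumes Chrome's standard on-disk layout (`<profile>/Extensions/<id>/<version>/manifest.json`) and, because this page does not give the extension ID, matches on a display name containing "Freighter".

```python
import json, re, sys
from pathlib import Path

FIXED = (5, 3, 1, 0)  # first patched version per this page, padded to 4 parts

def parse_version(text):
    """Chrome extension versions are 1-4 dot-separated integers; pad with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def load_json(path):
    return json.loads(path.read_text(encoding="utf-8-sig"))

def display_name(ext_dir, manifest):
    """Return the manifest name, resolving a __MSG_key__ locale placeholder."""
    name = str(manifest.get("name", ""))
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if not m:
        return name
    locale = manifest.get("default_locale", "en")
    try:
        messages = load_json(ext_dir / "_locales" / locale / "messages.json")
    except (OSError, ValueError):
        return name
    for key, entry in messages.items():
        if key.lower() == m.group(1).lower():  # message keys are case-insensitive
            return entry.get("message", name)
    return name

def find_freighter(user_data_dir, needle="freighter"):
    """Return sorted (profile, version, is_vulnerable) for matching installs."""
    found = []
    pattern = "*/Extensions/*/*/manifest.json"  # <profile>/Extensions/<id>/<version>/
    for path in Path(user_data_dir).glob(pattern):
        try:
            manifest = load_json(path)
            version = parse_version(manifest["version"])
        except (OSError, ValueError, KeyError, TypeError):
            continue  # unreadable or malformed manifest: skip rather than guess
        if needle in display_name(path.parent, manifest).lower():
            found.append((path.parents[3].name, manifest["version"], version < FIXED))
    return sorted(found)

if __name__ == "__main__":
    # Argument: a Chrome user-data directory, e.g. ~/.config/google-chrome on Linux
    hits = find_freighter(sys.argv[1])
    for profile, version, vulnerable in hits:
        print(f"{profile}: Freighter {version} -> {'VULNERABLE' if vulnerable else 'ok'}")
    sys.exit(1 if any(v for _, _, v in hits) else 0)
```

A non-zero exit status means at least one profile still holds a version before 5.3.1, which makes the script usable as a compliance check in endpoint management tooling.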

📡 Detection & Monitoring

Log Indicators:

  • Unusual extension activity logs, unexpected mnemonic phrase access attempts

Network Indicators:

  • Requests from browser to unknown domains while Freighter is active

SIEM Query:

Browser extension logs showing Freighter activity followed by external network connections
