Affected configurations: cpp-ethereum (eth, AlethZero, …) version 1.2.0 up to 1.2.6
Note: Neither “geth” nor “Mist” nor the “Ethereum Wallet” (unless explicitly used together with cpp-ethereum) are affected by this, they lock accounts correctly again.
This is just a quick head’s up that cpp-ethereum’s security issue around account security is not yet properly fixed. The fix that is part of cpp-ethereum version 1.2.6 did not decrease the security, but it also did not fix the bug completely. We will work towards another bugfix release and announce it once the fix is properly verified.
A fix is now available: Release 1.2.7 – https://github.com/ethereum/webthree-umbrella/releases/tag/v1.2.7