Mastodon vulnerability allows hackers to hijack any decentralized account
Decentralized social network Mastodon has revealed a critical security flaw that allows malicious actors to impersonate and take over any account.
“Due to insufficient origin verification on all Mastodon, an attacker can impersonate and take over any remote account,” the maintainers said in a brief advisory.
The vulnerability is tracked as CVE-2024-23832, a severity rating of 9.4 (out of 10). Security researcher arcanicanis is believed to be the person who discovered and reported the issue.
It’s described as an “origin validation error” (CWE-346) that typically allows an attacker to “access any functionality that the origin inadvertently has access to.”
Every Mastodon version before 3.5.17 is vulnerable, as are 4.0.x versions before 4.0.13, 4.1.x versions before 4.1.13, and 4.2.x versions before 4.2.5.
Mastodon said it will not provide further technical details about the flaw until February 15, 2024, to give administrators ample time to update server instances and prevent the possibility of exploitation.
“Any detail could easily lead to an exploit,” it said.
The federated nature of the platform means that it runs on separate servers (also called instances), independently hosted and operated by respective administrators who create their own rules and regulations and enforce them locally.
This also means that not only does each instance have a unique code of conduct, terms of service, privacy policy, and content moderation guidelines, but each administrator is also required to apply security updates in a timely manner to ensure that individuals are protected from potential risks.
This disclosure comes nearly seven months after Mastodon addressed two other critical flaws (CVE-2023-36460 and 2023-36459) that could be weaponized by adversaries to cause a denial of service (DoS) or enable remote code execution .
from Tech Empire Solutions https://techempiresolutions.com/mastodon-vulnerability-allows-hackers-to-hijack-any-decentralized-account/
via https://techempiresolutions.com/
from Tech Empire Solutions https://techempiresolutions.blogspot.com/2024/02/mastodon-vulnerability-allows-hackers.html
via https://techempiresolutions.com/
Comments
Post a Comment