December 3, 2023

A security researcher have discovered numerous vulnerabilities and configuration issues on the social media platforms Mastodon. The increased popularity of the platform is leading to increased scrutiny of its flaws.

Mastodon is a federation of servers that can communicate with each other, but which are maintained and run separately by independent admins.

That means different rules, different configurations, and sometimes different software versions could apply to different users and postings.

Advertisements

Infosec. exchange instances of Mastodon were uploaded to storage buckets that failed to apply access controls. An attacker to access a user’s profile picture or any other uploaded data and replace it with arbitrary content.

The vulnerability also meant it was possible to download files from the server – including those shared by direct message (DMs on Mastodon, unlike Twitter, omit encryption). Destructive attacks, including the deletion of files on the server, were also possible.

The security shortcoming – which opened the door to all manner of misuse – was quickly addressed after reporting the issue to Jerry Bell, the sys admin who administers the infosec. exchange instance of Mastodon.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023

CISA KEV Update Part I – December 2023

December 1, 2023 2

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023
%d bloggers like this: