May 28, 2023

A security researcher have discovered numerous vulnerabilities and configuration issues on the social media platforms Mastodon. The increased popularity of the platform is leading to increased scrutiny of its flaws.

Mastodon is a federation of servers that can communicate with each other, but which are maintained and run separately by independent admins.

That means different rules, different configurations, and sometimes different software versions could apply to different users and postings.

Advertisements

Infosec. exchange instances of Mastodon were uploaded to storage buckets that failed to apply access controls. An attacker to access a user’s profile picture or any other uploaded data and replace it with arbitrary content.

The vulnerability also meant it was possible to download files from the server – including those shared by direct message (DMs on Mastodon, unlike Twitter, omit encryption). Destructive attacks, including the deletion of files on the server, were also possible.

The security shortcoming – which opened the door to all manner of misuse – was quickly addressed after reporting the issue to Jerry Bell, the sys admin who administers the infosec. exchange instance of Mastodon.

Tags:

Leave a Reply

You may have missed

Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
Volt Typhoon – Chinese Threat Actor Targetting US Infra

Volt Typhoon – Chinese Threat Actor Targetting US Infra

May 25, 2023
%d bloggers like this: