Otter@lemmy.ca to

Fediverse@lemmy.worldEnglish · 9 months ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

cross-posted to:
[email protected]

261

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Otter@lemmy.ca to

Fediverse@lemmy.worldEnglish · 9 months ago

cross-posted to:
[email protected]

Remote user impersonation and takeover

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

If your instance is not up to date (see footer), you can pass this along to your admins to check

Chat

roguetrick@kbin.social
link
fedilink
arrow-up
25·
9 months ago
Eh, stuff like truth social doesn’t federate with anything anyway, so unfortunately this isn’t a vulnerability for them.
- jonne@infosec.pub
  link
  fedilink
  English
  arrow-up
  10·
  9 months ago
  Has it been confirmed this is a federation bug?
  - Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    English
    arrow-up
    25·
    edit-2
    9 months ago
    deleted by creator
    - jonne@infosec.pub
      link
      fedilink
      English
      arrow-up
      5·
      9 months ago
      Oh great, thanks.

Fediverse@lemmy.world

fediverse@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

263 users / day
1.68K users / week
5.33K users / month
13.2K users / 6 months
1 local subscriber
28.2K subscribers
1.69K Posts
52.9K Comments
Modlog