Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 1 year ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

cross-posted to:
fediverse@lemmy.world

191

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Arthur Besse@lemmy.ml to

Fediverse@lemmy.mlEnglish · 1 year ago

cross-posted to:
fediverse@lemmy.world

Remote user impersonation and takeover

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

Chat

Fembot@mstdn.social
link
fedilink
arrow-up
2
arrow-down
1·
1 year ago
deleted by creator
- triplenadir@lemmygrad.ml
  link
  fedilink
  arrow-up
  1·
  1 year ago
  not the person you’re replying to but yes, anyone on an unpatched server is vulnerable

Fediverse@lemmy.ml

fediverse@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !fediverse@lemmy.ml

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of “federation” and “universe”.

Getting started on Fediverse;

What is the fediverse?
- Short ver.
- Full ver.
Fediverse Platforms
How to run your own community

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

30 users / day
569 users / week
1.52K users / month
3.27K users / 6 months
1 local subscriber
18K subscribers
902 Posts
13.4K Comments
Modlog