Otter@lemmy.ca to

Fediverse@lemmy.worldEnglish · 9 months ago

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

262

Mastodon security update: every version prior to today's is vulnerable to remote user impersonation and takeover

Otter@lemmy.ca to

Fediverse@lemmy.worldEnglish · 9 months ago

Remote user impersonation and takeover

### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

If your instance is not up to date (see footer), you can pass this along to your admins to check

Chat

xor@infosec.pub
link
fedilink
English
arrow-up
13·
9 months ago
they’re just delaying it by two weeks…

Fediverse@lemmy.world

fediverse@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !fediverse@lemmy.world

A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

245 users / day
1.68K users / week
5.33K users / month
13.2K users / 6 months
1 local subscriber
28.2K subscribers
1.72K Posts
59.2K Comments
Modlog