all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

223 - Usurping Mastodon and Broken Signature Schemes

Add to bookmarks
Nov. 14, 2023, 1 p.m. | zi

DAY[0] dayzerosec.com

Just a few issues this week, a Mastodon normalization issue leading to the potential to impersonate another account. Then we have a more complex chain starting again with a normalization leading to a fairly interesting request smuggling (CL.0 via malformed content-type header) and cache poisoning to leak credentials. Finally a crypto issue with a signature not actually being a signature.

account bounty-podcast cache cache poisoning credentials crypto header issue leak malformed mastodon normalization podcast poisoning request request smuggling signature smuggling week

Visit resource

More from dayzerosec.com / DAY[0]

230 - Samsung Baseband and GPU Vulns 5 hours ago | dayzerosec.com
baseband binary-podcast chip code +18
229 - Buggy Cookies and a macOS TCC Bypass 1 day, 5 hours ago | dayzerosec.com
alignment attack attacks bounty-podcast +16
228 - Hypervisor Bugs and a FAR-out iOS bug 1 week ago | dayzerosec.com
access binary-podcast bug bugs +17
227 - Kubernetes Code Exec and There Is No Spoon 1 week, 1 day ago | dayzerosec.com
analysis auditing bounty-podcast bugs +7
226 - A Heap of Linux Bugs 1 week, 6 days ago | dayzerosec.com
binary-podcast bug bugs cpu +16
225 - Prompting for Secrets and Malicious Extensions 2 weeks, 1 day ago | dayzerosec.com
archive bounty-podcast chrome chrome extension +21
224 - A Bundle of Windows Bugs 3 weeks ago | dayzerosec.com
binary-podcast browser bug bugs +10
223 - Usurping Mastodon and Broken Signature Schemes 3 weeks, 1 day ago | dayzerosec.com
account bounty-podcast cache cache poisoning +15
222 - MTE Debuts, DNS Client Exploits, and iTLB 4 weeks ago | dayzerosec.com
acrobat adobe adobe acrobat binary-podcast +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Sr Staff Software Engineer (L7- Network Security)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

Cyber Threat Analyst, Senior

@ ManTech | 221BQ - Cstmr Site,Springfield,VA
View on infosec-jobs.com

Security Architect

@ Netcompany | Birmingham, United Kingdom
View on infosec-jobs.com

Sr. Security Architect

@ Datavant | Remote, United States
View on infosec-jobs.com

Cybersecurity Services Sales Executive

@ Rockwell Automation | United States of America Milwaukee (South 2nd Street)
View on infosec-jobs.com
View more jobs