all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

223 - Usurping Mastodon and Broken Signature Schemes

Add to bookmarks
Nov. 14, 2023, 1 p.m. | zi

DAY[0] dayzerosec.com

Just a few issues this week, a Mastodon normalization issue leading to the potential to impersonate another account. Then we have a more complex chain starting again with a normalization leading to a fairly interesting request smuggling (CL.0 via malformed content-type header) and cache poisoning to leak credentials. Finally a crypto issue with a signature not actually being a signature.

account bounty-podcast cache cache poisoning credentials crypto header issue leak malformed mastodon normalization podcast poisoning request request smuggling signature smuggling week

Visit resource

More from dayzerosec.com / DAY[0]

252 - Bypassing KASLR and a FortiGate RCE 1 month, 1 week ago | dayzerosec.com
aslr binary-podcast bypass bypassing +12
251 - RCE’ing Mailspring and a .NET CRLF Injection 1 month, 2 weeks ago | dayzerosec.com
attack bounty bounty-podcast bypass +9
250 - Future of Exploit Dev 1 month, 2 weeks ago | dayzerosec.com
binary-podcast corruption dev development +12
249 - libXPC to Root and Digital Lockpicking 1 month, 3 weeks ago | dayzerosec.com
android bounty-podcast bypass check +11
248 - Binary Ninja Free and K-LEAK 1 month, 3 weeks ago | dayzerosec.com
automated binary binary ninja binary-podcast +10
247 - Hacking Google AI and SAML 1 month, 4 weeks ago | dayzerosec.com
auth bounty-podcast bypass google +7
246 - Rust Memory Corruption??? 2 months ago | dayzerosec.com
access binary-podcast code corruption +9
245 - A PHP and Joomla Bug and some DOM Clobbering 2 months ago | dayzerosec.com
api bounty-podcast bug cache +15
244 - Linux Burns Down CVEs 2 months, 1 week ago | dayzerosec.com
binary-podcast cves down fuzzing +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer - Detection and Response

@ Fastly, Inc. | US (Remote)
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Defensive Cyber Operations Engineer-Mid

@ ISYS Technologies | Aurora, CO, United States
View on infosec-jobs.com

Manager, Information Security GRC

@ OneTrust | Atlanta, Georgia
View on infosec-jobs.com

Senior Information Security Analyst | IAM

@ EBANX | Curitiba or São Paulo
View on infosec-jobs.com

Senior Information Security Engineer, Cloud Vulnerability Research

@ Google | New York City, USA; New York, USA
View on infosec-jobs.com
View more jobs