all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

223 - Usurping Mastodon and Broken Signature Schemes [Bug Bounty Podcast]

Add to bookmarks
Nov. 14, 2023, 1 p.m. | DAY[0]

DAY[0] www.youtube.com

Just a few issues this week, a Mastodon normalization issue leading to the potential to impersonate another account. Then we have a more complex chain starting again with a normalization leading to a fairly interesting request smuggling (CL.0 via malformed content-type header) and cache poisoning to leak credentials. Finally a crypto issue with a signature not actually being a signature.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/223.html

[00:00:00] Introduction
[00:00:23] Usurping Mastodon instances - mastodon.so/cial [CVE-2023-42451] …

account bounty bug bug bounty cache cache poisoning credentials header issue leak malformed mastodon normalization podcast poisoning request request smuggling signature smuggling week

Visit resource

More from www.youtube.com / DAY[0]

230 - Samsung Baseband and GPU Vulns [Binary Exploitation Podcast] 3 days, 11 hours ago | www.youtube.com
baseband binary binary exploitation chip +21
230 - Samsung Baseband and GPU Vulns [Binary Exploitation Podcast] 3 days, 17 hours ago | www.youtube.com
baseband binary binary exploitation chip +21
229 - Buggy Cookies and a macOS TCC Bypass [Bug Bounty Podcast] 4 days, 17 hours ago | www.youtube.com
alignment attacks bounty bug +17
228 - Hypervisor Bugs and a FAR-out iOS bug [Binary Exploitation Podcast] 1 week, 3 days ago | www.youtube.com
access binary binary exploitation bug +19
227 - Kubernetes Code Exec and There Is No Spoon [Bug Bounty Podcast] 1 week, 4 days ago | www.youtube.com
analysis auditing bounty bug +24
226 - A Heap of Linux Bugs [Binary Exploitation Podcast] 2 weeks, 3 days ago | www.youtube.com
binary binary exploitation bug bugs +16
225 - Prompting for Secrets and Malicious Extensions [Bug Bounty Podcast] 2 weeks, 4 days ago | www.youtube.com
archive bounty bug bug bounty +22
224 - A Bundle of Windows Bugs [Binary Exploitation Podcast] 3 weeks, 3 days ago | www.youtube.com
binary binary exploitation browser bug +14
223 - Usurping Mastodon and Broken Signature Schemes [Bug Bounty Podcast] 3 weeks, 4 days ago | www.youtube.com
account bounty bug bug bounty +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Environmental Compliance Lead

@ EDF Energy | Bristol, GB
View on infosec-jobs.com

IT Consultant Network w/m/d Wireless (WiFi6, Mobilfunk 5G)

@ Computacenter | Berlin, DE, 12099
View on infosec-jobs.com

Senior - Cyber Infrastructure Protection

@ Deloitte | Madrid, España
View on infosec-jobs.com

GRC (Governance, Risk & Compliance) | 4 to 6 Years | Mumbai, Bengaluru & Chennai

@ Capgemini | Bengaluru, MH, IN
View on infosec-jobs.com

Technology Risk & Controls Advisory - Experienced Consultant

@ Wavestone | London, United Kingdom
View on infosec-jobs.com
View more jobs