Nov. 14, 2023, 1 p.m. | DAY[0]


Just a few issues this week, a Mastodon normalization issue leading to the potential to impersonate another account. Then we have a more complex chain starting again with a normalization leading to a fairly interesting request smuggling (CL.0 via malformed content-type header) and cache poisoning to leak credentials. Finally a crypto issue with a signature not actually being a signature.

Links and vulnerability summaries for this episode are available at:

[00:00:00] Introduction
[00:00:23] Usurping Mastodon instances - [CVE-2023-42451] …

account bounty bug bug bounty cache cache poisoning credentials header issue leak malformed mastodon normalization podcast poisoning request request smuggling signature smuggling week

Security Specialist

@ Protect Democracy | Remote, US

Environmental Compliance Lead

@ EDF Energy | Bristol, GB

IT Consultant Network w/m/d Wireless (WiFi6, Mobilfunk 5G)

@ Computacenter | Berlin, DE, 12099

Senior - Cyber Infrastructure Protection

@ Deloitte | Madrid, España

GRC (Governance, Risk & Compliance) | 4 to 6 Years | Mumbai, Bengaluru & Chennai

@ Capgemini | Bengaluru, MH, IN

Technology Risk & Controls Advisory - Experienced Consultant

@ Wavestone | London, United Kingdom