Описание
Username spoofing in OnionShare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test.
- Vulnerability ID: OTF-005
- Vulnerability type: Improper Input Sanitization
- Threat level: Low
Description:
It is possible to change the username to that of another chat participant with an additional space character at the end of the name string.
Technical description:
Assumed users in Chat:
- Alice
- Bob
- Mallory
- Mallory renames to
Alice. - Mallory sends message as
Alice. - Alice and Bob receive a message from Mallory disguised as
Alice, which is hard to distinguish from theAlicein the web interface.
Other (invisible) whitespace characters were found to be working as well.
Impact:
An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username.
Recommendation:
- Remove non-visible characters from the username
Пакеты
onionshare-cli
>= 2.3, < 2.5
2.5
Связанные уязвимости
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username.
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username.
OnionShare is an open source tool that lets you securely and anonymous ...