-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security vulnerability / hardening #1207
Comments
hello, |
If I get it right Knoxi-Code states, that the communication between the moolticute and the mooltipass uses the same port as the communication between moolticute and the browser extension. Is that right @Knoxi-Code? |
Sorry that I'm only getting in touch now :) @Jan-NiklasB yes that the point, this is the first time I have seen this. The problem is that it is possible to hide code within an application using code injection or code migration. Now there is hardly any reason why Firefox should access the same port, that use moolticut to comunicate with the device. or is the connection form firefox to the port 30035, from the firefox extension ? |
I apologize for my delayed answer... |
My application monitoring see that Firefox joining tcp 127.0.01 lochost, port 30035, this is the same port for the moolticut communication between mooltipass and moolticut.
At the first moment i thinking it was the communcation between mooltipass and firefox extension, but it wasent, a application that communicate out of a system and join the the port that transfer the crypted passwords between manager and device, can be a MIT attck to snif data!
If the firefox extension need over tcp lochost let they communicate over a other port, not the same port that communicate with the moolticut.app too. This prevent when the browser is okjupied, that not in the same commuication port between manager.app and device to prevent a MIT attack.
Debian 12
I love your work,
keep it up :)
The text was updated successfully, but these errors were encountered: