Multiple Flaws Exposed in Pocket Add-on for Firefox
Providing easy accessibility does not win the battle!
A security researcher has reported server-side vulnerabilities in the popular Pocket add-on that ships with the Firefox browser.
The security flaws could have allowed hackers to exfiltrate data from the company’s servers as well as populate reading lists with malicious links.
Pocket, previously known as 'Read it Later,' is essentially an opt-out, non-removable extension built into all versions of Firefox. You can sign up for Pocket with your Firefox Account, Google Account, or any other email address you use.
The Pocket button in the Firefox browser allows you to save links, videos, web pages, or articles to your Pocket account with just a click, making it easier for you to read them later, usually offline.
However, the vulnerabilities discovered by security researcher Clint Ruoho were such that they could allow hackers to get unrestricted root access to the server hosting the application, the researcher wrote in his blog post.
For this to be done, a hacker only needs:
- A browser
- The Pocket Mobile app
- Access to an Amazon EC2 Server which costs 2 cents an hour
The researcher, with the goal of exploiting the service's main functionality, was able to add a server-internal address to the 'Read it Later' user list.
This let the researcher retrieve sensitive server information including:
- IAM credentials
- The server's internal IP address
- Network type
- The SSH private key needed to connect without a password
With the help of this information, it would be possible to gain unrestricted access, allowing hackers to read every file on the filesystem with root-level privileges on the back-end server.
Ruoho reported the vulnerabilities he found to Read It Later, which owns Pocket, and asked for a patch. In response to the issues, the company issued a quick remediation and asked Ruoho to delay full disclosure of his vulnerability report by 21 days.
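The root cause described above is a back end that fetches whatever address a user saves, including server-internal ones such as the EC2 metadata service that hands out IAM credentials. The following is an added example, not code from Pocket or from the researcher's report, of the check such a fetcher can run before retrieving a saved link; the function names, hostnames and DNS data are hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample DNS data (hypothetical names) so the example runs offline.
SAMPLE_DNS = {
    "news.example": {"93.184.216.34"},
    "intranet.example": {"10.0.3.17"},                # public-looking name, private address
    "mixed.example": {"93.184.216.34", "127.0.0.1"},  # one good record, one internal
}

def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def system_resolver(host):
    """Every address the name maps to, using the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:a.b.c.d wraps an IPv4 address
        ip = ip.ipv4_mapped
    return not ip.is_global  # loopback, private, link-local, reserved, ...

def check_saved_url(url, resolver=system_resolver):
    """Decide whether the back end may fetch a URL a user saved. Returns (ok, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
        addrs = {host}  # IP literal: nothing to resolve
    except ValueError:
        try:
            addrs = set(resolver(host))
        except OSError:
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    internal = sorted(a for a in addrs if is_internal(a))  # reject if ANY record is internal
    if internal:
        return False, "internal address: " + ", ".join(internal)
    return True, "ok"
```

The fetcher should then connect to the exact address that passed the check and run the same check on every redirect target, since a name can resolve differently between validation and fetch.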