Opened 6 years ago

Closed 4 years ago

#1080 closed defect (wontfix)

Local Router Identity Accesable via Router Console

Reported by: psi Owned by:
Priority: minor Milestone:
Component: apps/console Version: 0.9.8.1
Keywords: websec privacy anonymity Cc: killyourtv
Parent Tickets: Sensitive: no

Description

accessing the following url can obtain sensitive information

http://127.0.0.1:7657/netdb?r=.

this can be exploited by xss to reveal a user's local identity to a remote attacker

Subtickets

Change History (7)

comment:1 in reply to:  description Changed 6 years ago by psi

Replying to psi:

accessing the following url can obtain sensitive information

http://127.0.0.1:7657/netdb?r=.

this can be exploited by xss to reveal a user's local identity to a remote attacker

http://127.0.0.1:7657/netdb?r=%2E is the correct url

comment:2 Changed 6 years ago by zzz

Component: unspecifiedapps/console

if that's the case, the user's IP is visible on several pages… /peers, /confignet, i2ptunnel, …

Is this realistic, given that browsers generally won't fetch from localhost?

If it is realistic, do you have a proposal for fixing it?

comment:3 Changed 6 years ago by killyourtv

Cc: killyourtv added

comment:4 Changed 6 years ago by zzz

May or may not be related, but findbugs reports 13 possible XSS vulnerabilities in the JSPs, to be reviewed and fixed if real.

Using findbugs 2.0.3-rc1

comment:5 in reply to:  4 Changed 6 years ago by killyourtv

Replying to zzz:

Using findbugs 2.0.3-rc1

I didn't know that was out but Jenkins will be using that too.

comment:6 Changed 5 years ago by str4d

Keywords: websec privacy anonymity added
Milestone: 0.9.9

comment:7 Changed 4 years ago by zzz

Resolution: wontfix
Status: newclosed

No reply from OP, no proposal posted.

Note: See TracTickets for help on using tickets.