Don't miss out on new posts! Sign up! Also, visit the VHT Forums!
Mastadon vulnerabil...
Clear all

Mastadon vulnerability leads to account takeover

1 Posts
1 Users
Brandon Lee
Posts: 408
Member Admin
Topic starter

Mastodon, a free, open-source, and decentralized social networking service, has addressed a significant security issue that could let attackers impersonate users and seize control of any account on the platform.

2024 02 03 10 56 17

This platform has gained popularity, especially following Elon Musk's acquisition of Twitter, and now has nearly 12 million users distributed over 11,000 instances.

Mastodon instances, which are independent servers, form interconnected communities through a system called "federation." Each instance has its unique rules and policies, managed by its owners who also provide the necessary infrastructure and oversee server administration.

The vulnerability, identified as CVE-2024-23832, was caused by inadequate origin validation within Mastodon's framework, which could enable attackers to masquerade as other users and hijack their accounts.

Rated 9.4 on the CVSS v3.1 scale, this flaw affected all Mastodon versions up to 3.5.17, 4.0.13, 4.1.13, and 4.2.4.

With the release of version 4.2.5, this issue has been resolved. Mastodon server administrators are strongly encouraged to update their systems to this latest version immediately, ensuring the security of their community members.

Posted : 03/02/2024 10:57 am