cybersecurity.theater is one of the many independent Mastodon servers you can use to participate in the fediverse.
Taking the "Twitter" out of "InfoSec Twitter."

Find of the day - someone dropped an AtlasVPN on Reddit. The AtlasVPN daemon on Linux runs an HTTP server to accept CLI commands; it binds to 127.0.0.1:8076 by default.

What's hilarious is that it accepts commands without ANY authentication - so if you open a malicious webpage, that webpage can fire a POST to 127.0.0.1:8076/connection/stop and instantly disconnect your VPN.

Utter garbage.

Source: reddit.com/r/cybersecurity/com

Proof below - used AtlasVPN's latest Linux client, version 1.0.3.

Chris Partridge

Really great question in the comments - how does this exploit bypass CORS?

The request to the AtlasVPN daemon meets the definition of a "simple request" - for legacy/compatibility reasons, servers don't have to "opt in" to receive requests that look like form submissions. :')

developer.mozilla.org/en-US/do

@tweedge CORS is just a suggestion anyway. The client has to choose to enforce it.