Security vulnerability / hardening #1207
Comments
|
hello, |
|
If I get it right Knoxi-Code states, that the communication between the moolticute and the mooltipass uses the same port as the communication between moolticute and the browser extension. Is that right @Knoxi-Code? |
|
Sorry that I'm only getting in touch now :) @Jan-NiklasB yes that the point, this is the first time I have seen this. The problem is that it is possible to hide code within an application using code injection or code migration. Now there is hardly any reason why Firefox should access the same port, that use moolticut to comunicate with the device. or is the connection form firefox to the port 30035, from the firefox extension ? |
|
I apologize for my delayed answer... |
My application monitoring see that Firefox joining tcp 127.0.01 lochost, port 30035, this is the same port for the moolticut communication between mooltipass and moolticut.
At the first moment i thinking it was the communcation between mooltipass and firefox extension, but it wasent, a application that communicate out of a system and join the the port that transfer the crypted passwords between manager and device, can be a MIT attck to snif data!
If the firefox extension need over tcp lochost let they communicate over a other port, not the same port that communicate with the moolticut.app too. This prevent when the browser is okjupied, that not in the same commuication port between manager.app and device to prevent a MIT attack.
Debian 12
I love your work,
keep it up :)
The text was updated successfully, but these errors were encountered: