Closed
Description
Electerm version:
All versions
Operating system (linux, macos, or windows 7/8/10?):
All operating systems (macOS, Windows 7/8/10, Linux)
Detailed Description
Electerm did not perform permission checks, which led to a remote command execution vulnerability.
Testing showed that Electerm is affected on all operating systems.
Steps to Reproduce
1. Open Electerm and keep it running.
2. Use a browser such as Chrome / Firefox / Safari to visit the malicious site I constructed: http://orz.weinull.com/orz-001.html
3. The malicious site executes a command that opens the calculator.
Suggestions
Generate a random token for service invocation at startup, and at the same time ensure that the token has enough complexity that it cannot be guessed.