Electron has serious security vulnerability #1686

Closed

@weinull

Description

Electerm version:

All versions

Operating system (linux, macos, or windows 7/8/10?):

All operating systems (macOS, Windows 7/8/10, Linux)

Detailed Description

Electerm does not perform permission checks, which leads to a remote command execution vulnerability.
In my testing it affected Electerm on all operating systems.

Steps to Reproduce

1. Open Electerm and keep it running.
2. Use a browser such as Chrome / Firefox / Safari to visit the malicious site I constructed: http://orz.weinull.com/orz-001.html
3. The malicious site executes a command that opens the calculator.

Suggestions

Generate a random token for service invocation at startup, and at the same time ensure that the token has enough complexity that it cannot be guessed.

Electerm is a very good tool; I hope it keeps getting better.
