Skip to content

HTTP fallback via "/plain" allows opportunity for DNS rebinding attack #355

Closed
@abarisani

Description

The shellinabox server, while using the HTTPS protocol, allows HTTP fallback through the "/plain" URL.

This exposes the opportunity for a potential DNS rebinding attack, by malicious JavaScript loaded in the context of the user browser, that would allow connection to shellinabox in the time window between server startup and user reconfiguration of default credentials (scenario is vanilla installation of, as an example, an embedded system).

The "/plain" fallback should be disabled by default to improve security and mitigate such an attack.

Credit goes to Stephen Röttger from the Google Security Team for identifying the issue.

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions