🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 Keybase: SOP bypass using browser cache

🕛 Zeit seit Veröffentlichung: 1577 Tage, 7 Stunden 32 Minuten
📆 Veröffentlicht am: 19.12.2019 um 15:26 Uhr
💡 Newskategorie: Sicherheitslücken
🔗 Quelle: vulners.com

Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker's website. Information disclosed: "passphrase_generation":4,"random_pw":false}, "invitation_stats":{"available":60,"used":40,"power":100,"open":0}, "profile":"emails":{"emails":[{"email":"x86sec@yahoo.ie","is_primary":1,"is_verified":1,"when_verified":"2016-03-08T22:44:39.000Z","visibility":1,"last_verify_email_date":null}],"primary":{"email":"x86sec@yahoo.ie","is_primary":1,"is_verified":1,"when_verified":"2016-03-08T22:44:39.000Z","visibility":1,"last_verify_email_date":null}},"billing_and_quotas":{"plan":{"plan_id":"b40ff8cf58afb4fa7e8dd4dc2c5f651a","plan_name":"BASIC","price_pennies":0,"gigabytes":250,"num_groups":0,"folders_with_writes":500,"billing_status":0,"test_mode":null},"usage","lks_server_half":"a42d3be100454cc98df58d90acd402af57e40119d6a02580edc47128454a47dc","passphrase_generation":4,"last_used_time":1566400369},"private_keys":{"all":{}} I tested this on my own account, and while there is some serious information disclosure here, I am most concerned by "private_keys" field. I do not believe I have a private key stored on keybase.io however if it turns out that a private key is disclosed here for people that do, I believe this is near critical impact. Issue Overview Users can interact with the following endpoint:... ...

Sharing is caring on Social Media

📌 Respected researcher wladimir palant has recommended users “uninstall the keybase browser extension asap” after discovering a gap in its end-to-end encryption.

🕛 2036 Tage, 5 Stunden 58 Minuten
📆 16.09.2018 um 16:41 Uhr
📈 26.46 Punkte

📌 How to Cache Expensive Database Queries Using the Momento Serverless Cache

🕛 477 Tage, 22 Stunden 28 Minuten
📆 22.12.2022 um 21:45 Uhr
📈 25.75 Punkte

📌 Facebook's Clear History Privacy Option: Boon or Sop?

🕛 2172 Tage, 2 Stunden 11 Minuten
📆 03.05.2018 um 19:28 Uhr
📈 24.22 Punkte

📌 It’s just one of many sop snafus of a pilot program for advanced searches of travelers’ devices that doesn’t even have performance metrics.

🕛 1948 Tage, 5 Stunden 58 Minuten
📆 13.12.2018 um 16:21 Uhr
📈 24.22 Punkte

🏠 Team IT Security News

📚 Keybase: SOP bypass using browser cache

Sharing is caring on Social Media

Join the Team IT Security Community