๐ Keybase: SOP bypass using browser cache
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Summary An attacker has the ability to extract sensitive information from user's accounts, due to a CORS issue. On a minor note, this also is a cross-site leak as we can fingerprint what exact keybase user has accessed the attacker's website. Information disclosed: "passphrase_generation":4,"random_pw":false}, "invitation_stats":{"available":60,"used":40,"power":100,"open":0}, "profile":"emails":{"emails":[{"email":"[email protected]","is_primary":1,"is_verified":1,"when_verified":"2016-03-08T22:44:39.000Z","visibility":1,"last_verify_email_date":null}],"primary":{"email":"[email protected]","is_primary":1,"is_verified":1,"when_verified":"2016-03-08T22:44:39.000Z","visibility":1,"last_verify_email_date":null}},"billing_and_quotas":{"plan":{"plan_id":"b40ff8cf58afb4fa7e8dd4dc2c5f651a","plan_name":"BASIC","price_pennies":0,"gigabytes":250,"num_groups":0,"folders_with_writes":500,"billing_status":0,"test_mode":null},"usage","lks_server_half":"a42d3be100454cc98df58d90acd402af57e40119d6a02580edc47128454a47dc","passphrase_generation":4,"last_used_time":1566400369},"private_keys":{"all":{}} I tested this on my own account, and while there is some serious information disclosure here, I am most concerned by "private_keys" field. I do not believe I have a private key stored on keybase.io however if it turns out that a private key is disclosed here for people that do, I believe this is near critical impact. Issue Overview Users can interact with the following endpoint:... ...