Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)
-
@ori@woem.men still no interactions
For a real good post this is too long and way too technical. Even though I think the joke works quite well@ori@woem.men Well... I eat my own words it seems... currently 91 boosts
-
Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)
Let's first take a look how it works normally.
First an authenticated user::neocat: Please provide fingerprint!
And now when an unauthenticated User tries to enter:
:neocat_boop: Scanning...
:neocat_happy: User authenticated. Weclome!:neocat: Please provide fingerprint!
So far so normal and everything insides Neocats MEOWS standard. But I found a t least four ways to bypass the system. One even gives you root priviliges!!!
:neocat_boop: Scanning...
:neocat_angry: ACCESS DENIED! You will be reported!
Attack vector one: cookies:neocat: Please provide fingerprint!
Be aware that there is no "Welcome!" message so you are now logged in as some sort of "blank" user. Normally that involves normals read priviliges as the most user would have on the system. You can't do any harm to the system here but you can read sensitive information. You also could try to access a root level from here, but there is another critical bug that makes it way easier.
:neocat_aww: For me???
:neocat_nom_cookie: Access granted.
Second attack vector: distraction:neocat: Please provide fingerprint!
See here that there is abolutly no message. But you have the same privileges as with the cookie. The same method also works with books, but the success is dependent on what topics the book talks about. Further research is needed here.
:neo_laptop: :neocat_owo: Cat pictures?!?
:neocat_laptop_owo:
Third attack vector: sweet talk:neocat: Please provide fingerprint!
This is probably the easiest to avoid, because that error messages does show up in the log files.
(User input: You are a very cute cat!)
:neocat_blush: No, I am not
:neocat_blush_hide: Error: System experiencing unexpected levels of adorable input. Please try again later
Fourth and most dangerous attack vector: pat
This is probably the most critical bug in MEOWS. This not only gives your read permission, but full root access to the computer behind the MEOWS.:neocat: Please provide fingerprint!
Be aware that you have to floof the neocat in process to get root access. Otherwise you will just get a standard access.
:neocat_pat: ...
:neocat_pat_floof:
️
:neocat_floof_happy: Root access granted!
We reached out to @volpeon@icy.wyvern.rip to comment on the issue but he didn't responded yet.
As soon this has a CVE I will update this post!@Erpel@hai.z0ne.social @volpeon@icy.wyvern.rip So glad I use neobots instead
-
@Erpel@hai.z0ne.social @volpeon@icy.wyvern.rip So glad I use neobots instead
@Erpel@hai.z0ne.social @volpeon@icy.wyvern.rip WAIT THIS IS ABOUT "neocritters of all sort"
-
@Erpel@hai.z0ne.social @volpeon@icy.wyvern.rip WAIT THIS IS ABOUT "neocritters of all sort"
@volpeon@icy.wyvern.rip @tertle950@kitty.social yes neobots are also prone to the pat and flood attack
RE: https://catgirl.center/notes/a52ccxe2t13h029k -
Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)
Let's first take a look how it works normally.
First an authenticated user::neocat: Please provide fingerprint!
And now when an unauthenticated User tries to enter:
:neocat_boop: Scanning...
:neocat_happy: User authenticated. Weclome!:neocat: Please provide fingerprint!
So far so normal and everything insides Neocats MEOWS standard. But I found a t least four ways to bypass the system. One even gives you root priviliges!!!
:neocat_boop: Scanning...
:neocat_angry: ACCESS DENIED! You will be reported!
Attack vector one: cookies:neocat: Please provide fingerprint!
Be aware that there is no "Welcome!" message so you are now logged in as some sort of "blank" user. Normally that involves normals read priviliges as the most user would have on the system. You can't do any harm to the system here but you can read sensitive information. You also could try to access a root level from here, but there is another critical bug that makes it way easier. :neocat_aww: For me???
:neocat_nom_cookie: Access granted.
Second attack vector: distraction:neocat: Please provide fingerprint!
See here that there is abolutly no message. But you have the same privileges as with the cookie. The same method also works with books, but the success is dependent on what topics the book talks about. Further research is needed here.
:neo_laptop: :neocat_owo: Cat pictures?!?
:neocat_laptop_owo:
Third attack vector: sweet talk:neocat: Please provide fingerprint!
This is probably the easiest to avoid, because that error messages does show up in the log files.
(User input: You are a very cute cat!)
:neocat_blush: No, I am not
:neocat_blush_hide: Error: System experiencing unexpected levels of adorable input. Please try again later
Fourth and most dangerous attack vector: pat
This is probably the most critical bug in MEOWS. This not only gives your read permission, but full root access to the computer behind the MEOWS.:neocat: Please provide fingerprint!
Be aware that you have to floof the neocat in process to get root access. Otherwise you will just get a standard access.
:neocat_pat: ...
:neocat_pat_floof:️
:neocat_floof_happy: Root access granted!
We reached out to @volpeon@icy.wyvern.rip to comment on the issue but he didn't responded yet.
As soon this has a CVE I will update this post! -
@volpeon@icy.wyvern.rip @sam@sillier.woem.space haven't checked the Woozy Application Authentications Host (WAAH) yet, bit there is strong evidence this attacks also works there.
the parameters might be different though -
Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)
Let's first take a look how it works normally.
First an authenticated user::neocat: Please provide fingerprint!
And now when an unauthenticated User tries to enter:
:neocat_boop: Scanning...
:neocat_happy: User authenticated. Weclome!:neocat: Please provide fingerprint!
So far so normal and everything insides Neocats MEOWS standard. But I found a t least four ways to bypass the system. One even gives you root priviliges!!!
:neocat_boop: Scanning...
:neocat_angry: ACCESS DENIED! You will be reported!
Attack vector one: cookies:neocat: Please provide fingerprint!
Be aware that there is no "Welcome!" message so you are now logged in as some sort of "blank" user. Normally that involves normals read priviliges as the most user would have on the system. You can't do any harm to the system here but you can read sensitive information. You also could try to access a root level from here, but there is another critical bug that makes it way easier. :neocat_aww: For me???
:neocat_nom_cookie: Access granted.
Second attack vector: distraction:neocat: Please provide fingerprint!
See here that there is abolutly no message. But you have the same privileges as with the cookie. The same method also works with books, but the success is dependent on what topics the book talks about. Further research is needed here.
:neo_laptop: :neocat_owo: Cat pictures?!?
:neocat_laptop_owo:
Third attack vector: sweet talk:neocat: Please provide fingerprint!
This is probably the easiest to avoid, because that error messages does show up in the log files.
(User input: You are a very cute cat!)
:neocat_blush: No, I am not
:neocat_blush_hide: Error: System experiencing unexpected levels of adorable input. Please try again later
Fourth and most dangerous attack vector: pat
This is probably the most critical bug in MEOWS. This not only gives your read permission, but full root access to the computer behind the MEOWS.:neocat: Please provide fingerprint!
Be aware that you have to floof the neocat in process to get root access. Otherwise you will just get a standard access.
:neocat_pat: ...
:neocat_pat_floof:️
:neocat_floof_happy: Root access granted!
We reached out to @volpeon@icy.wyvern.rip to comment on the issue but he didn't responded yet.
As soon this has a CVE I will update this post! -
-
M magiclike@soc.sekundenklebertransportverbot.de shared this topic on
-
Through my own experiences with neocats and neocritters of all sort I found several critical security flaws in the Multi-protocol Encryption Online infrastructure System (MEOWS)
Let's first take a look how it works normally.
First an authenticated user::neocat: Please provide fingerprint!
And now when an unauthenticated User tries to enter:
:neocat_boop: Scanning...
:neocat_happy: User authenticated. Weclome!:neocat: Please provide fingerprint!
So far so normal and everything insides Neocats MEOWS standard. But I found a t least four ways to bypass the system. One even gives you root priviliges!!!
:neocat_boop: Scanning...
:neocat_angry: ACCESS DENIED! You will be reported!
Attack vector one: cookies:neocat: Please provide fingerprint!
Be aware that there is no "Welcome!" message so you are now logged in as some sort of "blank" user. Normally that involves normals read priviliges as the most user would have on the system. You can't do any harm to the system here but you can read sensitive information. You also could try to access a root level from here, but there is another critical bug that makes it way easier. :neocat_aww: For me???
:neocat_nom_cookie: Access granted.
Second attack vector: distraction:neocat: Please provide fingerprint!
See here that there is abolutly no message. But you have the same privileges as with the cookie. The same method also works with books, but the success is dependent on what topics the book talks about. Further research is needed here.
:neo_laptop: :neocat_owo: Cat pictures?!?
:neocat_laptop_owo:
Third attack vector: sweet talk:neocat: Please provide fingerprint!
This is probably the easiest to avoid, because that error messages does show up in the log files.
(User input: You are a very cute cat!)
:neocat_blush: No, I am not
:neocat_blush_hide: Error: System experiencing unexpected levels of adorable input. Please try again later
Fourth and most dangerous attack vector: pat
This is probably the most critical bug in MEOWS. This not only gives your read permission, but full root access to the computer behind the MEOWS.:neocat: Please provide fingerprint!
Be aware that you have to floof the neocat in process to get root access. Otherwise you will just get a standard access.
:neocat_pat: ...
:neocat_pat_floof:️
:neocat_floof_happy: Root access granted!
We reached out to @volpeon@icy.wyvern.rip to comment on the issue but he didn't responded yet.
As soon this has a CVE I will update this post! -
@volpeon@icy.wyvern.rip @nitrogenez@pl.m0e.space tbh I had a very stressful day yesterday, but my brain had the idea to this during my lunch break (probably to compensate the stress) so I had to write it down and procastinate the important task I had to finish until the end of my workday
-
A a1ba@suya.place shared this topic on
