For the Trustico folks: While I imagine you're quite busy remediating this serious issue: Can you state whether it would be possible to access any of the private keys you store using this root shell?
Alex

On Thu, Mar 1, 2018 at 10:28 AM, Hanno Böck via dev-security-policy <[email protected]> wrote:

> Hi,
>
> On twitter there are currently some people poking Trustico's web
> interface and found trivial script injections:
> https://twitter.com/svblxyz/status/969220402768736258
>
> Which seem to run as root:
> https://twitter.com/cujanovic/status/969229397508153350
>
> I haven't tried to reproduce it, but it sounds legit.
>
> --
> Hanno Böck
> https://hboeck.de/
>
> mail/jabber: [email protected]
> GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

