On Thursday, 1 March 2018 15:32:56 UTC, Alex Gaynor wrote: > For the Trustico folks: > > While I imagine you're quite busy remediating this serious issue: Can you > state whether it would be possible to access any of the private keys you > store using this root shell? > > Alex > > > On Thu, Mar 1, 2018 at 10:28 AM, Hanno Böck via dev-security-policy < > [email protected]> wrote: > > > Hi, > > > > On twitter there are currently some people poking Trustico's web > > interface and found trivial script injections: > > https://twitter.com/svblxyz/status/969220402768736258 > > > > Which seem to run as root: > > https://twitter.com/cujanovic/status/969229397508153350 > > > > I haven't tried to reproduce it, but it sounds legit. > > > > -- > > Hanno Böck > > https://hboeck.de/ > > > > mail/jabber: [email protected] > > GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 > > _______________________________________________ > > dev-security-policy mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-security-policy > >
There's a similar report here: https://twitter.com/Manawyrm/status/969230542578348033 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
