Closed walterking closed 6 years ago
I verified this: if you do `arp -s 169.254.169.254 <victim mac address>`
then you can just curl the metadata address and steal credentials as long as you are on the same network (i.e., a coffee shop).
https://github.com/99designs/aws-vault/commit/9053ba8138ea948c75d2a0cc4ad88636ac0a9fd6
this is how they fixed it.
Ouch, this seems pretty bad. Can we steal that remote address check for hologram?
On May 31, 2018, at 17:45, Valentino Volonghi notifications@github.com wrote:
> 99designs/aws-vault@9053ba8
> this is how they fixed it.
Yeah, should be pretty easy to do
https://github.com/AdRoll/hologram/pull/97 This should do it.
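The remote-address check the fix relies on, as an added Go example (not Hologram's code from PR #97 and not aws-vault's commit): the metadata server answers only peers whose source address is loopback or one of the host's own addresses, so a request relayed from another LAN host via a spoofed ARP entry is refused. The listen address and metadata path are assumptions.

```go
package main

import (
	"net"
	"net/http"
)

// localIPs lists the addresses on this host's interfaces (e.g. a 169.254.169.254 alias).
func localIPs() []net.IP {
	var ips []net.IP
	addrs, _ := net.InterfaceAddrs()
	for _, a := range addrs {
		if ipn, ok := a.(*net.IPNet); ok {
			ips = append(ips, ipn.IP)
		}
	}
	return ips
}

// allowedRemote reports whether the peer in http.Request.RemoteAddr ("ip:port") is
// loopback or one of the host's own addresses; a peer elsewhere on the LAN fails.
func allowedRemote(remoteAddr string, local []net.IP) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	ip := net.ParseIP(host)
	if err != nil || ip == nil {
		return false
	}
	if ip.IsLoopback() {
		return true
	}
	for _, l := range local {
		if l.Equal(ip) {
			return true
		}
	}
	return false
}

func main() {
	local := localIPs()
	http.HandleFunc("/latest/meta-data/", func(w http.ResponseWriter, r *http.Request) {
		if !allowedRemote(r.RemoteAddr, local) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		w.Write([]byte("placeholder metadata\n")) // constructed placeholder body
	})
	http.ListenAndServe("169.254.169.254:80", nil) // assumed listen address
}
```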
Tested this with the latest version of Hologram and this vulnerability is fixed.
I came across https://github.com/99designs/aws-vault/issues/198. Not sure if it applies, and I have nothing to test with, but someone should probably check whether this issue applies to hologram or not, as it could mean leaking credentials to anyone on the network.