mooltipass / moolticute

Mooltipass crossplatform daemon/tools
GNU General Public License v3.0

Security vulnerability / hardening #1207

Open Knoxi-Code opened 5 months ago

Knoxi-Code commented 5 months ago

My application monitoring shows that Firefox is connecting to TCP 127.0.0.1 (localhost), port 30035; this is the same port used for the Moolticute communication between the Mooltipass and Moolticute. At first I thought it was the communication between the Mooltipass and the Firefox extension, but it wasn't. An application that communicates outside of the system and also joins the port that transfers the encrypted passwords between manager and device could be a MITM attack to sniff data!

If the Firefox extension needs to communicate over TCP localhost, let it communicate over a different port, not the same port that moolticute.app uses too. This prevents a browser that has been taken over from sitting on the same communication port as manager.app and the device, to prevent a MITM attack.

Debian 12. I love your work, keep it up :)

limpkin commented 5 months ago

hello, I'm very sorry but I don't understand your issue... could you rephrase?

Jan-NiklasB commented 5 months ago

If I understand correctly, Knoxi-Code states that the communication between Moolticute and the Mooltipass uses the same port as the communication between Moolticute and the browser extension. He thinks that this could open the possibility of a man-in-the-middle attack by sniffing the port.

Is that right @Knoxi-Code?

Knoxi-Code commented 5 months ago

Sorry that I'm only getting in touch now :)

@Jan-NiklasB yes, that's the point; this is the first time I have seen this.

The problem is that it is possible to hide code within an application using code injection or code migration. Now there is hardly any reason why Firefox should access the same port that Moolticute uses to communicate with the device.

Or is the connection from Firefox to port 30035 coming from the Firefox extension? If so, wouldn't it be safer to run them via a different port?

limpkin commented 2 months ago

I apologize for my delayed answer... We're basically using a daemon listening on port 30035, which listens for communications coming from either the Moolticute GUI or the extensions. Any program can therefore communicate with it. The data flow is Mooltipass to daemon through USB, then daemon to client through local networking... so I'm still not sure what the potential issue would be?
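Added example (my own, not code from the moolticute project or from anyone in this thread): the check a reader of the discussion above would want is to confirm that the daemon port is bound to loopback only and to list which local processes actually hold connections to it, which is how the original poster noticed Firefox on port 30035 in the first place. It assumes Linux with the `ss` tool from iproute2; the `ss` output embedded below is constructed, with process names and PIDs chosen for illustration.

```python
"""Who is talking to the moolticute daemon port, and is it loopback-only?

Added example, not part of the moolticute project. Parses `ss -Htnp` /
`ss -Htlnp` output (constructed sample below; live data via live_report()).
"""
import re
import subprocess
from dataclasses import dataclass

DAEMON_PORT = 30035            # port named in the issue
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample output (process names / PIDs are illustrative only).
SAMPLE_ESTAB = """\
ESTAB 0 0 127.0.0.1:30035 127.0.0.1:41224 users:(("moolticuted",pid=1201,fd=12))
ESTAB 0 0 127.0.0.1:41224 127.0.0.1:30035 users:(("firefox",pid=2310,fd=88))
ESTAB 0 0 127.0.0.1:30035 127.0.0.1:41230 users:(("moolticuted",pid=1201,fd=14))
ESTAB 0 0 127.0.0.1:41230 127.0.0.1:30035 users:(("moolticute",pid=1355,fd=9))
ESTAB 0 0 192.168.1.10:44512 93.184.216.34:443 users:(("firefox",pid=2310,fd=120))
"""
SAMPLE_LISTEN = """\
LISTEN 0 128 127.0.0.1:30035 0.0.0.0:* users:(("moolticuted",pid=1201,fd=10))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
"""

_PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


@dataclass(frozen=True)
class Conn:
    state: str
    local_host: str
    local_port: int
    peer_host: str
    peer_port: int
    procs: tuple  # ((name, pid), ...) owning this socket


def split_addr(addr):
    """'127.0.0.1:30035' -> ('127.0.0.1', 30035); '[::1]:30035' -> ('::1', 30035);
    wildcard ports such as '0.0.0.0:*' give port None."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_ss(text):
    """Parse header-less `ss -n -p` lines: State Recv-Q Send-Q Local Peer Process."""
    conns = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        state, _, _, local, peer = fields[:5]
        rest = fields[5] if len(fields) > 5 else ""
        lhost, lport = split_addr(local)
        phost, pport = split_addr(peer)
        procs = tuple((name, int(pid)) for name, pid in _PROC_RE.findall(rest))
        conns.append(Conn(state, lhost, lport, phost, pport, procs))
    return conns


def daemon_clients(text, port=DAEMON_PORT):
    """Processes whose socket peer is the daemon port on loopback, i.e. its clients.
    The daemon's own accepted sockets (local port == daemon port) are not clients."""
    clients = set()
    for c in parse_ss(text):
        if c.state == "ESTAB" and c.peer_port == port and c.peer_host in LOOPBACK:
            clients.update(c.procs)
    return sorted(clients)


def listener_is_loopback_only(text, port=DAEMON_PORT):
    """True only if every LISTEN socket on `port` is bound to a loopback address."""
    listeners = [c for c in parse_ss(text) if c.state == "LISTEN" and c.local_port == port]
    return bool(listeners) and all(c.local_host in LOOPBACK for c in listeners)


def live_report(port=DAEMON_PORT):
    """Run ss (assumed present; Linux) and return (loopback_only, clients)."""
    run = lambda args: subprocess.run(args, capture_output=True, text=True, check=True).stdout
    return listener_is_loopback_only(run(["ss", "-Htlnp"]), port), daemon_clients(run(["ss", "-Htnp"]), port)


if __name__ == "__main__":
    print(f"port {DAEMON_PORT} listener loopback-only: {listener_is_loopback_only(SAMPLE_LISTEN)}")
    for name, pid in daemon_clients(SAMPLE_ESTAB):
        print(f"  client of daemon: {name} (pid {pid})")
```

`ss -p` only shows process names for sockets owned by the invoking user unless run as root, so on a shared machine run `live_report()` under sudo. On the constructed sample the client list is the GUI plus Firefox, which matches what the original poster saw; a process on that list you do not recognise is the thing to investigate. A listener bound to 0.0.0.0 instead of 127.0.0.1 would mean the port is reachable from the network, a different and larger problem than the same-host one raised in this issue.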