Summary
An attacker can make a Kitsune server recognize that they have an account with arbitrary content on a victim server's domain, if the victim server allows arbitrary users to upload documents.
Details
Kitsune's ActivityPub fetcher doesn't check the response's Content-Type
, and accepts it even if the server doesn't mean that it's an Activity Streams document.
Affected code:
|
pub async fn fetch_actor(&self, opts: FetchOptions<'_>) -> Result<Account> { |
There are some possible solutions to this problem:
- Check
Content-Type
of the response
- Mandate WebFinger support on the federating servers (like Mastodon does. Possibly as part of #349)
I prefer the former option because it seems to be more faithful to the ActivityPub standard, but the ActivityPub recommendation doesn't state that a federating server MAY reject a response without proper Content-Type
either, AFAICT.
PoC
None yet.
Impact
For example, an attacker can create a GitHub Gist containing an Activity Streams document with preferredUsername
being GitHub
, so that they can assume a false handle name of @[email protected]
.
AT Protocol has (or had?) a similar problem. Mastodon isn't affected by this because it mandates WebFinger support.
Summary
An attacker can make a Kitsune server recognize that they have an account with arbitrary content on a victim server's domain, if the victim server allows arbitrary users to upload documents.
Details
Kitsune's ActivityPub fetcher doesn't check the response's
Content-Type
, and accepts it even if the server doesn't mean that it's an Activity Streams document.Affected code:
kitsune/crates/kitsune-core/src/activitypub/fetcher.rs
Line 92 in 738d21c
There are some possible solutions to this problem:
Content-Type
of the responseI prefer the former option because it seems to be more faithful to the ActivityPub standard, but the ActivityPub recommendation doesn't state that a federating server MAY reject a response without proper
Content-Type
either, AFAICT.PoC
None yet.
Impact
For example, an attacker can create a GitHub Gist containing an Activity Streams document with
preferredUsername
beingGitHub
, so that they can assume a false handle name of@[email protected]
.AT Protocol has (or had?) a similar problem. Mastodon isn't affected by this because it mandates WebFinger support.