James-PE (Starnix) on Nostr: Curator of Mastodon.art fediblock :newt: Pleroma's Admin-FE allows you to log in ...
Curator of Mastodon.art fediblock :newt: (npub1wc2…4sk7) Pleroma's Admin-FE allows you to log in without 2FA, and someone got access to graf's account from poast, so basically Pleroma has a security vulnerability for admins. The canary looks like it's no longer updated because of this.
Published at 2023-05-26 01:57:24
Event JSON
{
"id": "c6bd956648b89c83fbc0cda5d4841e22914abb001764b47bb8a124ec34eab1ad",
"pubkey": "b27286b38aff4ba2ebd0ed0c8333d907571ce385925163f9344aa4c74f042ce5",
"created_at": 1685066244,
"kind": 1,
"tags": [
[
"p",
"7615614e4ed5bed70847ce5a32852a79ddde9dce8a650059f31546d61c1ad441",
"wss://relay.mostr.pub"
],
[
"e",
"bb38e40a960f2010bf95509834c52b8172655ad08bfcd0e1387be3050438896c",
"wss://relay.mostr.pub",
"reply"
],
[
"mostr",
"https://pl.starnix.network/objects/b555f510-53e5-4895-86f8-6d2ba8a92416"
]
],
"content": "nostr:npub1wc2kznjw6kldwzz8eedr9pf208waa8ww3fjsqk0nz4rdv8q663qswt4sk7 Pleroma's Admin-FE allows you to log in without 2FA, and someone got access to graf's account from poast, so basically Pleroma has a security vulnerability for admins. The canary looks like it's no longer updated because of this.",
"sig": "4c46abd62b752a116d9f91e8bc039e3175d6f0e460db54c7ecc3528ca41548b05e3d828526ebde809aa6fd6741166aab430d784b82f6f09af84b0430f5454d38"
}