Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account
2024-02-03 06:51

The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory. The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.4 out of


News URL

https://thehackernews.com/2024/02/mastodon-vulnerability-allows-hackers.html

Related Vulnerability

Date: 2024-02-01
CVE: CVE-2024-23832
Vulnerability title: Authentication Bypass by Spoofing vulnerability in Joinmastodon Mastodon
Description: Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication.
Risk: network, low complexity, joinmastodon, CWE-290, critical, 9.8