[Freedombox-discuss] Security/privacy issue for users of Tor onion service or Pagekite
Petter Reinholdtsen
pere at hungry.com
Tue Aug 25 07:25:41 BST 2020
[James Valleroy]
> An issue has been found in FreedomBox that allows anonymous and
> unauthorized users to access private and potentially security relevant
> information. The information is shown on an Apache Server Status page
> and includes the IP address and URL request path for clients accessing
> pages on the server.
Ouch, that was nasty. Anyone could via pagekite look at some of the
valid URLs visited on my Freedombox. Luckily all of them require
authentication, and the only IP address exposed is on the private
(192.168/16) net inside my house.
Is there a CVE assigned to this issue?
--
Happy hacking
Petter Reinholdtsen
More information about the Freedombox-discuss
mailing list