Summary
An attacker can make a Kitsune server recognize that they have an account with arbitrary content on a victim server's domain, if the victim server allows arbitrary users to upload documents.
Details
Kitsune's ActivityPub fetcher doesn't check the response's Content-Type, and accepts it even if the server doesn't mean that it's an Activity Streams document.
Affected code:
|
pub async fn fetch_actor(&self, opts: FetchOptions<'_>) -> Result<Account> { |
There are some possible solutions to this problem:
- Check
Content-Type of the response
- Mandate WebFinger support on the federating servers (like Mastodon does. Possibly as part of #349)
I prefer the former option because it seems to be more faithful to the ActivityPub standard, but the ActivityPub recommendation doesn't state that a federating server MAY reject a response without proper Content-Type either, AFAICT.
PoC
None yet.
Impact
For example, an attacker can create a GitHub Gist containing an Activity Streams document with preferredUsername being GitHub, so that they can assume a false handle name of @[email protected].
AT Protocol has (or had?) a similar problem. Mastodon isn't affected by this because it mandates WebFinger support.
Summary
An attacker can make a Kitsune server recognize that they have an account with arbitrary content on a victim server's domain, if the victim server allows arbitrary users to upload documents.
Details
Kitsune's ActivityPub fetcher doesn't check the response's
Content-Type, and accepts it even if the server doesn't mean that it's an Activity Streams document.Affected code:
kitsune/crates/kitsune-core/src/activitypub/fetcher.rs
Line 92 in 738d21c
There are some possible solutions to this problem:
Content-Typeof the responseI prefer the former option because it seems to be more faithful to the ActivityPub standard, but the ActivityPub recommendation doesn't state that a federating server MAY reject a response without proper
Content-Typeeither, AFAICT.PoC
None yet.
Impact
For example, an attacker can create a GitHub Gist containing an Activity Streams document with
preferredUsernamebeingGitHub, so that they can assume a false handle name of@[email protected].AT Protocol has (or had?) a similar problem. Mastodon isn't affected by this because it mandates WebFinger support.