Source |
Reversemode |
Identifier |
8654603 |
Publication date |
2022-06-08 17:36:48 (viewed: 2025-03-07 20:12:10) |
Title |
De-Anonymization attacks against Proton services |
Text |
In November 2021 YesWeHack invited me to participate in a private Bounty program organized by bodke Suisse on behalf of Proton AG. The scope of the program was quite interesting and heterogeneous, as it covered most of the applications and services offered by Proton, such as ProtonMail and ProtonVPN. As a result, several technologies and codebases were in scope, ranging from TypeScript, in the open source part of ProtonMail, to .NET / Swift used by the ProtonVPN applications for Windows and macOS respectively. |
Rating |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
Threat
Legislation
Industrial
Technical
|