acode-plugin-acodex

Insecure connection could allow RCE

Open ShaKabosh opened this issue 2 years ago • 3 comments

If the server is installed on Termux, then it seems as though anyone could, knowing your IP address, easily connect to the websocket unauthenticated and have RCE through Termux, which is especially bad if your phone is rooted.

ShaKabosh • May 05 '23 12:05

Yes, but this is a local server; no one can access it other than you. But if you give someone your phone, then it may be insecure.

Or if you have any suggestions for this, you can provide them. I will be happy to see them.

bajrangCoder • May 05 '23 13:05

If the server is on when we're surfing the web...

Then an evil (?) page surely knows one of your IPs as 127.0.0.1, and he could connect to it easily by starting a WebSocket and grab a shell of your phone...

Port could be scanned, too.

Some authentication is needed.

14725 • Jun 03 '23 08:06

OK, in the next update I will add an authentication system ♥️♥️

bajrangCoder • Jun 03 '23 08:06
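
The authentication the thread asks for, as an added example that is not part of the discussion and not the plugin's own code: a handshake gate for a loopback WebSocket terminal server that checks the peer address, the `Origin` header and a shared token before any shell is attached. The function names, the `token` query parameter, the `https://editor.example` origin and the sample handshakes are assumptions constructed for illustration.

```javascript
// Added example, not the plugin's code. All names and values are hypothetical.
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Compare without an early exit so timing does not reveal a matching prefix.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a), 'utf8');
  const y = Buffer.from(String(b), 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Decide whether a WebSocket upgrade may proceed. `req` mirrors the fields a
// Node HTTP server exposes: url, headers, and the peer address of the socket.
function authorizeUpgrade(req, cfg) {
  // 1. Peer must be local: covers a server bound to 0.0.0.0 by mistake.
  if (!LOOPBACK.has(req.remoteAddress)) return { ok: false, reason: 'non-loopback peer' };

  // 2. Browsers always send Origin on a WebSocket handshake and do not apply
  //    the same-origin policy to it, so the server has to check it itself.
  const origin = req.headers.origin;
  if (origin !== undefined && !cfg.allowedOrigins.includes(origin)) {
    return { ok: false, reason: 'origin not allowed' };
  }

  // 3. Shared secret known only to the server and its intended client.
  //    Origin alone is not enough: non-browser local clients can omit it.
  const supplied = new URL(req.url, 'ws://127.0.0.1').searchParams.get('token') || '';
  if (cfg.token.length < 32 || !constantTimeEqual(supplied, cfg.token)) {
    return { ok: false, reason: 'bad token' };
  }
  return { ok: true, reason: 'authorized' };
}

// Constructed configuration and handshakes for illustration.
const cfg = { token: 'k'.repeat(43), allowedOrigins: ['https://editor.example'] };
const handshakes = [
  { url: '/?token=' + cfg.token, headers: { origin: 'https://editor.example' }, remoteAddress: '127.0.0.1' },
  { url: '/', headers: { origin: 'https://evil.example' }, remoteAddress: '127.0.0.1' },
  { url: '/', headers: { origin: 'https://editor.example' }, remoteAddress: '127.0.0.1' },
  { url: '/?token=' + cfg.token, headers: {}, remoteAddress: '192.0.2.10' },
];
for (const h of handshakes) console.log(h.remoteAddress, authorizeUpgrade(h, cfg).reason);
```

In a real deployment the token would be generated randomly per install rather than fixed, and a rejected handshake would be answered with an HTTP 401 or 403 before the upgrade completes.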