knockd Security Disclosure

Open secdefect opened this issue 10 months ago • 3 comments

Hi all,

I've found a significant vulnerability in knockd. How should I report this? I emailed Judd last week but haven't had a response, understandable as he's probably a busy guy.

Can anyone advise on a different email address or a different contributor that I can disclose the issue to?

Cheers now

Apr 09 '24 09:04 secdefect

Hi,

Judd indicated he doesn't have much time for the project any longer here. Either you wait a bit until he answers, or you disclose here so people can patch their own builds. Not sure what's the best way to go. I do have a fork, but I'm also not using knockd actively anymore, nor am I developing or adding features to my fork. Anyhow I would apply a patch just in case someone uses the fork. Still, I'm not sure if it is good to disclose if this root repo is not patched.

Cheers

Apr 09 '24 18:04 TDFKAOlli

Cheers for the reply

We will fork and propose a fix. If anyone can review and merge then that will be great. Having it marked as a published bug may help people decide if they build with the fix or use something else.

Apr 15 '24 11:04 secdefect

Hello @secdefect, have you received an answer from Judd? If not, have you disclosed the vulnerability?

Apr 27 '24 13:04 evoke0