Shadow on the wall / Risks and flaws with Shadowsocks
There is a document written by the X41 D-Sec team.
https://github.com/x41sec/slides/tree/master/2018-passthesalt
There's nothing to do. I believe exploitation of autoban.py was already known before this. The other exploitation is already fixed (see https://github.com/shadowsocks/shadowsocks-libev/issues/1734). I think in the real world, exploitation of the bug in ss-manager in shadowsocks-libev isn't possible unless the user intentionally misconfigured it, like allowing end users to customize their passwords (you should not do that). And the rest of the talk is unrelated to this organization.
@Mygod, unfortunately shadowsocks-libev allows localhost access, which exposes the ss-manager (and any other service running on localhost) to any client. This is something that should be fixed asap.
@fortuna
https://github.com/shadowsocks/shadowsocks-libev/blob/master/README.md#security-tips
@madeye, the argument that ss-server is insecure by default still stands, even if there are ways of securing it. localhost access should be disabled by default, and only be enabled by those that know what they are doing.
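An added illustration of the default-deny behaviour discussed above (not part of the thread and not shadowsocks-libev code): a destination check a proxy server could run before connecting on a client's behalf. The function names and the list of blocked ranges are assumptions made for this example.

```python
import ipaddress
import socket

# Assumed policy: ranges a remote client must never reach through the proxy
# (loopback, "this host", link-local), for both IPv4 and IPv6.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",
    "::1/128", "::/128", "fe80::/10",
)]


def is_blocked_ip(addr):
    """True if addr (an IP literal) falls inside a blocked range."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) so it cannot slip past
    # the IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in BLOCKED_NETS)


def allow_destination(host, port, resolve=socket.getaddrinfo):
    """Return the checked IPs to connect to, or [] if the request is refused."""
    try:
        candidates = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Hostname: resolve once and check every answer. The caller connects
        # to a returned IP, not the name, so a later lookup cannot differ.
        try:
            infos = resolve(host, port, type=socket.SOCK_STREAM)
        except OSError:
            return []
        candidates = [info[4][0] for info in infos]
    if not candidates or any(is_blocked_ip(ip) for ip in candidates):
        return []
    return candidates


if __name__ == "__main__":
    for target in ("127.0.0.1", "::ffff:127.0.0.1", "::1", "93.184.216.34"):
        verdict = "refused" if not allow_destination(target, 80) else "allowed"
        print(target, verdict)
```

A hostname is refused if any of its resolved addresses is blocked, which is stricter than filtering the answers and keeping the rest.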
@chenshaoju the security issues are not of the Shadowsocks protocol. Maybe this issue should be moved to the shadowsocks-libev repository.