Wednesday, 5 August 2015

Leak In Popcorn Time Left To Take Over MITM Attacker Computers

A vulnerability in the popular video streaming service for movies and TV series Popcorn Time made ​​it possible for an attacker to take computers at worst completely. An attacker must in this case be located between the user and the Internet, said researcher Antonios Chariton who discovered the vulnerability.

It involved around two problems. First, it appeared the application over HTTP to connect to the content delivery network (CDN) of CloudFlare. An attacker could via a Man-in-the-middle attack customize the request and from CloudFlare. In addition, the validity of the received data has not been verified. It also showed that this Popcorn Time also made two errors in a NodeJS application.

An attacker could therefore perform cross-site scripting attacks, read files on the computer and eventually execute arbitrary code. In case an attacker is able to increase its local rights, he might even be able to get root privileges on the system. After Chariton Popcorn Time briefed the streaming service came a day later with a solution .

No comments:

Post a Comment