Issue F. `oonid` Lacks Authentication Checks
At 2014-05-05 13:07:37 Arturo Filastò wrote: Reported: 2014-04-10
Applies To: ooni-probe
Synopsis:
By default, oonid listens on a public IP address and does not have a mechanism for authentication. This allows anyone who can connect to the daemon to run tests, which may aid malicious attacks, such as using the TCP connection test for port scanning.
Impact:
The attacker can coerce the ooni-probe daemon into performing attacks against other systems without the operator's consent.
Preconditions:
ooni-probe must be installed and oonid must be running and listening on a public IP address.
Feasibility:
Exploitation is easy, since it can be done using a web browser to connect to the ooni-probe daemon, upload test inputs, and run tests. This can also be automated with a script that makes requests to the API.
Verification:
This vulnerability has been verified by source code inspection and by running the oonid from the GitHub repository.
Technical Details:
The TCP server is created in ooni-probe/ooni/oonid.py:
    def getOonid():
        director = Director()
        director.start()
        oonidApplication.director = director
        # The API is exposed on the configured port with no authentication in front of it,
        # and no bind address is given, so it listens on all interfaces.
        return internet.TCPServer(int(config.advanced.oonid_api_port), oonidApplication)
Mitigation:
Users can mitigate this risk by setting up firewall rules to prevent unauthorized access to oonid.
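As an added illustration of the two in-process controls that complement the firewall mitigation above (this is example code written for this write-up, not ooni-probe's own code, and it uses the Python standard library rather than Twisted so that it runs on its own): a small JSON API daemon that refuses to bind to anything but the loopback address unless the operator explicitly opts in, and that rejects test-run requests lacking a bearer token. The `/tests` endpoint, the `test` field, the token scheme and the `listen_address` helper are all assumptions made for the example; the point shown is that an unauthenticated client on the same host gets 401 while a client holding the token gets 200.

```python
import hmac
import json
import secrets
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

LOOPBACK = "127.0.0.1"
LOOPBACK_ADDRESSES = ("127.0.0.1", "::1", "localhost")


def listen_address(config_address, allow_public=False):
    """Return the address the API may bind to.

    Fail closed: a non-loopback address is refused unless the operator has
    explicitly set allow_public, so a default config never exposes the daemon.
    """
    if config_address in LOOPBACK_ADDRESSES:
        return config_address
    if not allow_public:
        raise ValueError(
            "refusing to bind the API to non-loopback address %r" % config_address)
    return config_address


def is_authorized(auth_header, expected_token):
    """Check a 'Bearer <token>' header with a constant-time comparison."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return False
    presented = auth_header[len("Bearer "):].strip()
    return hmac.compare_digest(presented.encode(), expected_token.encode())


class ApiHandler(BaseHTTPRequestHandler):
    token = ""  # set on the class by start_server() before serving

    def do_POST(self):
        # Every test-run request is authenticated before any work is done.
        if not is_authorized(self.headers.get("Authorization"), self.token):
            self._reply(401, {"error": "unauthorized"})
            return
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length) or b"{}")
        # A real daemon would dispatch to a test here; the example only echoes
        # the requested test name back (hypothetical "test" field).
        self._reply(200, {"started": body.get("test")})

    def _reply(self, status, payload):
        data = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):
        pass  # keep the example quiet


def start_server(token):
    """Bind on loopback only, on an ephemeral port, and serve in a thread."""
    ApiHandler.token = token
    srv = ThreadingHTTPServer((listen_address(LOOPBACK), 0), ApiHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def request_test(port, test_name, token=None):
    """Client side: POST a test-run request and return the HTTP status code."""
    headers = {"Content-Type": "application/json"}
    if token is not None:
        headers["Authorization"] = "Bearer " + token
    req = Request("http://127.0.0.1:%d/tests" % port,
                  data=json.dumps({"test": test_name}).encode(),
                  headers=headers, method="POST")
    try:
        with urlopen(req) as resp:
            return resp.status
    except HTTPError as err:
        return err.code


def demo():
    """Returns (status without token, status with token); expected (401, 200)."""
    token = secrets.token_urlsafe(32)  # constructed per run, never hard-coded
    srv = start_server(token)
    port = srv.server_address[1]
    try:
        return (request_test(port, "tcp_connect"),
                request_test(port, "tcp_connect", token))
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Binding to loopback means the daemon is reachable only by processes on the probe host (or over a deliberately established tunnel), which is what the firewall rule in the mitigation achieves from the outside; the token check covers the case where the operator does choose to expose the port.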
This issue was automatically migrated from github issue https://github.com/TheTorProject/ooni-probe/issues/319