Hello, welcome to the Thursday, December 5th, 2019 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from San Francisco, California.

Today, I got a couple of vulnerabilities to start out with that again relate to

web servers that are installed on

client systems and are listening to local host.

First one is part of the Adelaideon companion app in order to use this companion app and

allow users to edit confluence files in their own

preferred desktop application.

There is this

web server that Adelaideon

installs on the user's

desktop. Now, this

web server listens on loopback

and Adelaideatian

did set up a specific domain, Adelaician dash domain, dash,

4, local host, dash, connections, dash only.com. That does usually resolve to local host,

and, well, the connection is done via HDPS.

Now I mentioned before that really doing HTTP on local host is first of all not really

necessarily and second by using HTTP at Leishin also provides a certificate and a private key and it's the same certificate and

private key for every single install of this application. So now an attacker could grab this

key pair and use it to impersonate this host name on the web.

...