OpenList Frontend Insecure TLS Configuration Vulnerability Allowing Man-in-the-Middle Attacks
Vulnerability
A vulnerability exists in OpenList Frontend versions prior to 4.1.10, where TLS certificate verification is disabled by default for all storage driver communications. This misconfiguration allows attackers to intercept and manipulate data during storage operations, enabling Man-in-the-Middle (MitM) attacks. Exploitation can occur through network-level attacks, such as ARP spoofing or rogue Wi-Fi access points, redirecting traffic to malicious endpoints. The vulnerability is fixed in version 4.1.10.
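The following is an added example, not OpenList's own code, showing what "TLS certificate verification disabled" means in practice and what the corrected configuration looks like. It is written in Go (an assumption; the advisory does not say which language or TLS library the affected drivers use), and newClient, hasInsecureSkipVerify and Demo are hypothetical names chosen for this illustration. A local test server with a self-signed certificate stands in for any endpoint that presents an untrusted certificate: a client built with InsecureSkipVerify accepts it silently, a verifying client rejects it, and a verifying client whose trust store explicitly contains the backend's CA accepts it, which is the correct way to talk to a self-managed backend without disabling checks.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newClient builds an HTTP client. skipVerify=true reproduces the weak
// setting the advisory describes (certificate verification disabled); roots,
// when non-nil, replaces the system trust store. Hypothetical helper, not
// OpenList code.
func newClient(skipVerify bool, roots *x509.CertPool) *http.Client {
	return &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: skipVerify, // the dangerous flag
				RootCAs:            roots,
				MinVersion:         tls.VersionTLS12,
			},
		},
	}
}

// hasInsecureSkipVerify is an audit check: it reports whether a client's
// transport was built with certificate verification disabled.
func hasInsecureSkipVerify(c *http.Client) bool {
	t, ok := c.Transport.(*http.Transport)
	return ok && t.TLSClientConfig != nil && t.TLSClientConfig.InsecureSkipVerify
}

// fetch issues a GET and returns the handshake/request error, if any.
func fetch(c *http.Client, url string) error {
	resp, err := c.Get(url)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// isUnknownAuthority reports whether err is the x509 "unknown authority"
// failure a verifying client raises for a certificate no trusted CA signed.
func isUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// Demo starts a local TLS server with a self-signed certificate (constructed
// stand-in for an untrusted endpoint) and reports how each client
// configuration treats it.
func Demo() (insecureAccepted, verifyingRejected, pinnedAccepted bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Write([]byte("ok"))
	}))
	defer srv.Close()

	// Weak setting: any certificate is accepted, so an interposed endpoint
	// goes unnoticed and no warning is raised.
	insecureAccepted = fetch(newClient(true, nil), srv.URL) == nil

	// Corrected setting: verification on, system roots only; the untrusted
	// certificate is rejected before any request data is sent.
	verifyingRejected = isUnknownAuthority(fetch(newClient(false, nil), srv.URL))

	// Corrected setting for a self-managed backend: verification stays on and
	// the backend's own CA certificate is added to the trust store instead.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinnedAccepted = fetch(newClient(false, pool), srv.URL) == nil
	return
}

func main() {
	a, b, c := Demo()
	fmt.Printf("insecure client accepted untrusted certificate: %v\n", a)
	fmt.Printf("verifying client rejected untrusted certificate: %v\n", b)
	fmt.Printf("verifying client with trusted CA accepted: %v\n", c)
}
```

The hasInsecureSkipVerify check is the kind of assertion worth adding to a code review or unit test suite for any service that builds outbound TLS clients, so that a default like the one fixed in 4.1.10 cannot reappear unnoticed.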
Impact
The vulnerability allows for Man-in-the-Middle attacks, where an attacker can intercept, decrypt, steal, and manipulate data transmitted during storage operations, without any security warnings being triggered.
Reproduction
To reproduce this vulnerability, use OpenList Frontend version 4.1.9 or earlier. Add a storage that uses a TLS-enabled HTTP server as a backend, while the OpenList server is configured to skip TLS verification. Because verification is skipped, the OpenList server will complete the connection to a malicious server, allowing interception of authentication cookies used with other storage providers.
Remediation
Users can update to OpenList Frontend version 4.1.10 or later, where this vulnerability is fixed.