Shadowsocks Log Manipulation / Command Execution
Posted by deepcore on October 15, 2017 – 2:33 pm
Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection from autoban.py does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 is affected.
Post a reply
You must be logged in to post a comment.