During a recent engagement, a client was using an updated version of Rocket.Chat with registration disabled. Rocket.Chat is an open-source, fully customizable communications platform developed in JavaScript.

In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13, an issue with certain regular expressions could potentially lead to Denial of Service.

Since services like Rocket.Chat, Slack, etc. may contain internal and sensitive information, I wanted to see if I could find a way into the service or get unauthenticated read access to some of the channels and messages. In the end, I identified a way to read the last messages of any room without any authentication. This could then be leveraged with a script to monitor messages sent to the channel.

In Rocket.Chat, rooms are the ways you can communicate with other users. Some examples are channels, direct messages, and group messages. rids are unique IDs that help identify these rooms. While they are unique, some of them are easy to guess: rids for direct messages are a concatenation of the users' IDs. For example, the rid for a private message could be UserA's ID + UserB's ID. When messages are returned, the ID of the user who sent each one is also returned. This makes it easier to identify all potential direct messages between users.

Similar to my last vulnerability, I wanted to identify vulnerable methods (functions that could be called via Meteor.call) that had no authentication checks. In Rocket.Chat, most of the authentication checks in methods are done by a simple check:

```typescript
throw new Meteor.Error('error-invalid-user', 'Invalid user', … as any);
```

In the snippet above, the code checks if the user ID is undefined. An undefined or null user ID indicates that the request is unauthenticated, and it returns error-invalid-user. While going through these methods, the canAccessRoom method stood out.