The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account.
"Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory.
The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.4 out of a maximum of 10. Security researcher arcanicanis has been credited with discovering and reporting it.
https://thehackernews.com/2024/02/masto ... ckers.html