Post APfhs7A5PRsPHbCobo by thenewoil@freeradical.zone
 (DIR) More posts by thenewoil@freeradical.zone
 (DIR) Post #APfhs7A5PRsPHbCobo by thenewoil@freeradical.zone
       2022-11-16T20:00:00Z
       
       1 likes, 2 repeats
       
       Mastodon users vulnerable to password-stealing attackshttps://portswigger.net/daily-swig/mastodon-users-vulnerable-to-password-stealing-attacks
       
 (DIR) Post #APfjuabr5s4f6LVCzo by alxsim@ecoevo.social
       2022-11-16T20:22:49Z
       
       0 likes, 0 repeats
       
       @thenewoil Mastodon users **on the Glitch fork**.This is an important detail...
       
 (DIR) Post #APg8h5il7iCiOKOM4m by geolaw@fosstodon.org
       2022-11-17T01:00:33Z
       
       0 likes, 0 repeats
       
       @thenewoil the article is sensationalist and misleading... this issue only applies if you're on a server that is using Glitch, and if you're saving passwords with your browser. The Mastodon main branch is apparently unaffected by the vulnerability so the vast majority of Mastodon users are fine. My understanding is that this researcher's account is on infosec.exchange and that this particular server was using Glitch and therefore vulnerable (ironically!)