Closed Bug 1549918 Opened 6 years ago Closed 6 years ago

RCE @ mozilla autopush

Categories

(Websites :: Other, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: simonjohnathan, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

AWS credentials:
adm_creds = json.dumps({
    "dev":
        {
            "app_id": "amzn1.application.StringOfStuff",
            "client_id": "amzn1.application-oa2-client.ev4nM0reStuff",
            "client_secret": "deadbeef0000decafbad1111"
        }
})

@https://github.com/mozilla-services/autopush/blob/cf9b86d823e4b5d82ee0e199248870f39a00b22e/autopush/tests/test_z_main.py

Flags: sec-bounty?
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID

(In reply to Johnathan Simon from comment #2)

> I think you can generate access token with these:
> https://developer.amazon.com/docs/amazon-drive/ad-restful-api-getting-started.html#authorization-code-grant

True, I don't think they're valid though. We'd be interested if you're able to use them to generate working creds.

Flags: sec-bounty? → sec-bounty-