this post was submitted on 26 Sep 2024
9 points (100.0% liked)

Photon

1 readers
1 users here now

Photon for Lemmy

A client for the fediverse designed to be intuitive, fast, and beautiful.

Share your themes, ask questions, report bugs, or check on the latest updates here!

You can contact the dev at @Xylight@lemdro.id.

Rules

  1. Posts must be related to Photon in any way
  2. Don't be mean
  3. If your post is a bug report, please preface the title with [solved] if it's been fixed.

founded 10 months ago
MODERATORS
 

this security issue can only be triggered by users fault, but it's up to the UI designer to prevent user mistakes causing potential credential leaks.

The login page

The login page is designed to be as simple as possible. Only 1 page, no extra steps. It'll validate whatever instance url you type in to ensure it's actually a Lemmy instance.

The problem

If the user mistypes the instance url to a typo squatting instance, your credentials were just sent straight to them. Bad. For example, I could setup an instance named lemmu.world, and if someone accidentally mistypes lemmy.world as that, I get their credentials for free.

Potential solutions

I'm not sure which one would be best as they all have problems.

  • Require you to type the instance before you can start typing your credentials.
    • This complicates things and adds an extra step. This also wouldn't completely solve the problem.
  • Add an auto complete list
    • This will work for popular instances as they'll know that they have the wrong url because it disappeared from the auto complete. However, I'd need to keep this list updated and id prefer photon to have minimal external ties. This also wouldn't work for small instances.
  • Add typo checking
    • This has the same problem as above as I'd need to keep common misspellings updated and I want photon to have minimal external ties.

Any ideas? For now, this isn't a problem as long as you double check the instance you're logging in with, and there's no cases of this AFAIK.

you are viewing a single comment's thread
view the rest of the comments
[–] ptz@dubvee.org 1 points 1 month ago

Tesseract works like your option 1: Require typing the instance before credentials, and they're on separate pages (though they wouldn't strictly have to be). It then populates the sidebar/banner from the instance entered. The impostor / typo-squatting instance would have to match the site details, logo, banner, and spoof the activity stats (though the user would be expected to check what's displayed is correct for the instance they're logging into).

e.g https://tesseract.dubvee.org/login