Serious Data Exposure Vulnerabilities Spotted In OnionShare Platform



According to a recent advisory from IHTeam, its researchers found two security vulnerabilities in OnionShare. OnionShare is an open-source communication service offering secure chats, file sharing, and other communication features. The tool works over the Tor network and is popular among security researchers, journalists, and whistleblowers for private communications.

The first of the two bugs is an unauthenticated file upload (CVE-2021-41868). It existed because of a logic issue in the function that allowed anyone to upload a file to a remote OnionShare instance before an authentication check.
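The ordering flaw described above, shown as an added Python example that is not OnionShare's code and is not taken from the advisory: the `Request` class, the handler names and the token are hypothetical. It contrasts a handler that stores the upload before checking credentials with one that checks first, and `files_left_by` is the regression check a maintainer could keep.

```python
import hmac
import io
import os
import tempfile

# Constructed credential for the demo; not an OnionShare value.
EXPECTED_TOKEN = "constructed-demo-token"


class Request:
    """Minimal stand-in for an HTTP upload request (hypothetical shape)."""

    def __init__(self, token, filename, body):
        self.token = token
        self.filename = filename
        self.stream = io.BytesIO(body)


def is_authenticated(req):
    # Constant-time comparison of the presented credential.
    return hmac.compare_digest((req.token or "").encode(), EXPECTED_TOKEN.encode())


def save_upload(req, upload_dir):
    # basename() drops any directory components from the client-supplied name.
    path = os.path.join(upload_dir, os.path.basename(req.filename))
    with open(path, "wb") as fh:
        fh.write(req.stream.read())


def handle_upload_flawed(req, upload_dir):
    # Flawed ordering: the body reaches disk before the credential is checked.
    save_upload(req, upload_dir)
    if not is_authenticated(req):
        return 401  # rejected, but the file is already stored
    return 200


def handle_upload_fixed(req, upload_dir):
    # Corrected ordering: reject first, touch the filesystem only afterwards.
    if not is_authenticated(req):
        return 401
    save_upload(req, upload_dir)
    return 200


def files_left_by(handler, token):
    """Run one request against a fresh directory; return (status, files on disk)."""
    with tempfile.TemporaryDirectory() as upload_dir:
        status = handler(Request(token, "note.txt", b"constructed sample"), upload_dir)
        return status, sorted(os.listdir(upload_dir))
```

Both handlers answer 401 to a request without the token, so the status code alone does not reveal the flaw; the check has to look at what is left on disk.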
