s::can moni::tools 4.2+ now uses a secure database connection to avoid SQL injection and other security issues.

In s::can moni::tools before version 4.2 an attacker could perform man-in-the-middle attacks via the X-Forwarded-For HTTP header. This may result in loss of integrity and hijacking the session.

s::can moni::tools 4.2+ now enforces HTTPS for secure communication.
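The two statements above describe a server that believed forwarding headers from any peer and accepted plain HTTP. The following is an added example, not s::can code, showing the defensive pattern a web tier uses to close that class of issue: honour X-Forwarded-For / X-Forwarded-Proto only when the TCP peer is a known reverse proxy (the 10.0.0.0/8 range is a constructed placeholder), and redirect anything that did not arrive over HTTPS. Function names and the WSGI-style `environ` layout are assumptions.

```python
"""Hypothetical WSGI-style helpers (not s::can moni::tools code).

Forwarding headers are only trusted when the socket peer is one of our
reverse proxies; otherwise a client could claim any source address, or
claim HTTPS while actually speaking plain HTTP."""
import ipaddress

# Constructed example: the network our reverse proxies live in.
TRUSTED_PROXIES = {ipaddress.ip_network("10.0.0.0/8")}


def _from_trusted_proxy(remote_addr, trusted=TRUSTED_PROXIES):
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def effective_client(environ, trusted=TRUSTED_PROXIES):
    """Return (client_ip, scheme) for a request.

    X-Forwarded-* is honoured only when the peer is a trusted proxy; for a
    direct connection the socket-level values win, so the headers a client
    sends itself are ignored."""
    peer = environ.get("REMOTE_ADDR", "")
    scheme = environ.get("wsgi.url_scheme", "http")
    if not _from_trusted_proxy(peer, trusted):
        return peer, scheme
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    proto = environ.get("HTTP_X_FORWARDED_PROTO", "").lower()
    # The rightmost X-Forwarded-For entry is the one our own proxy appended,
    # i.e. the address the proxy actually saw; earlier entries are untrusted.
    client = xff.split(",")[-1].strip() if xff else peer
    if proto in ("http", "https"):
        scheme = proto
    return client, scheme


def enforce_https(environ, trusted=TRUSTED_PROXIES):
    """Return a (status, headers) redirect for a non-HTTPS request, or None
    when the request may proceed."""
    _, scheme = effective_client(environ, trusted)
    if scheme == "https":
        return None
    host = environ.get("HTTP_HOST", "localhost")
    path = environ.get("PATH_INFO", "/")
    return ("301 Moved Permanently", [("Location", f"https://{host}{path}")])


if __name__ == "__main__":
    # Constructed request: a direct client trying to spoof both headers.
    spoofed = {"REMOTE_ADDR": "203.0.113.5", "wsgi.url_scheme": "http",
               "HTTP_X_FORWARDED_FOR": "10.0.0.1",
               "HTTP_X_FORWARDED_PROTO": "https", "HTTP_HOST": "app.example"}
    print(effective_client(spoofed), enforce_https(spoofed))
```

The spoofed request above still resolves to the socket peer over plain HTTP and is redirected; the same headers sent by a peer inside the trusted range are honoured.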

s::can moni::tools before version 4.2 was vulnerable to an XSS attack due to the usage of non-standard character encodings. This may result in loss of integrity and injection of malicious code.

s::can moni::tools 4.2+ now uses the UTF-8 character encoding standard.
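The encoding-based XSS above arises when a server neither pins the charset it emits nor validates the bytes it accepts, leaving the browser to guess an encoding in which escaped characters may decode differently. As an added example (not s::can code; the function names and the reflected-parameter page are assumptions), this shows the fix the 4.2 note describes: decode input strictly as UTF-8, reject anything else, HTML-escape the value, and declare `charset=utf-8` on the response.

```python
"""Hypothetical handler (not s::can moni::tools code) that reflects a user
parameter safely by refusing non-UTF-8 input and pinning the output charset."""
import html


def decode_utf8_strict(raw: bytes) -> str:
    """Decode as UTF-8 with errors='strict': invalid or overlong byte
    sequences raise UnicodeDecodeError instead of being silently mapped."""
    return raw.decode("utf-8", errors="strict")


def render_echo(raw_param: bytes):
    """Return (status, headers, body) for a page that reflects raw_param.

    Non-UTF-8 input gets a 400; valid input is escaped and emitted with an
    explicit charset so the browser has no reason to sniff the encoding."""
    try:
        text = decode_utf8_strict(raw_param)
    except UnicodeDecodeError:
        return ("400 Bad Request",
                [("Content-Type", "text/plain; charset=utf-8")],
                b"invalid encoding")
    body = ('<!doctype html><meta charset="utf-8">'
            f"<p>{html.escape(text)}</p>").encode("utf-8")
    return ("200 OK", [("Content-Type", "text/html; charset=utf-8")], body)


if __name__ == "__main__":
    # Constructed inputs: plain markup, valid non-ASCII, and an invalid byte.
    for sample in (b"<b>hi</b>", "caf\u00e9".encode("utf-8"), b"\xc0\xaf"):
        print(render_echo(sample)[:2])
```

Note that the escaping and the declared charset work together: escaping alone is not enough if the browser is allowed to pick an encoding in which the escaped bytes read as markup.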

In s::can moni::tools before version 4.2 an attacker could bypass the CSRF protection by submitting a request to the s::can moni::tools login endpoint with a crafted X-FROM header. This may result in loss of confidentiality and integrity.

s::can moni::tools 4.2+ now enforces strict CSRF protection via the X-FROM and X-TOKEN header restrictions, preventing session hijacking.
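The page says only that 4.2+ restricts the X-FROM and X-TOKEN headers, not how. The following is an added example (not s::can code) of a server-side check that would make a crafted X-FROM header insufficient on its own: the origin must be on an allowlist and the request must also carry a token bound to the caller's session. The allowlist entry, session layout and function names are assumptions.

```python
"""Hypothetical CSRF check (not s::can moni::tools code).

Policy assumed here: a state-changing request is accepted only when the
X-FROM origin is allowlisted AND X-TOKEN matches the per-session token."""
import hmac
import secrets
from urllib.parse import urlparse

# Constructed example origin for the application itself.
ALLOWED_ORIGINS = {"https://monitools.example"}


def issue_token(session: dict) -> str:
    """Generate a fresh random token and bind it to the session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _origin_allowed(value: str, allowed=ALLOWED_ORIGINS) -> bool:
    parsed = urlparse(value)
    if not parsed.scheme or not parsed.netloc:
        return False  # empty or malformed header fails closed
    return f"{parsed.scheme.lower()}://{parsed.netloc.lower()}" in allowed


def csrf_ok(headers: dict, session: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """Both conditions are required; a crafted X-FROM alone, or an allowed
    origin without the session-bound token, is rejected."""
    if not _origin_allowed(headers.get("X-FROM", ""), allowed):
        return False
    expected = session.get("csrf_token")
    provided = headers.get("X-TOKEN", "")
    if not expected or not provided:
        return False
    # Constant-time comparison so token bytes cannot be guessed one at a time.
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    session = {}
    token = issue_token(session)
    print(csrf_ok({"X-FROM": "https://monitools.example", "X-TOKEN": token}, session))
    print(csrf_ok({"X-FROM": "https://monitools.example"}, session))
```

The token is generated server-side and never derived from the headers, so a request that forges X-FROM still has nothing to put in X-TOKEN.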

Authentication bugs

s::can moni::tools 4.2+ includes a new authentication mechanism that better protects against known and unknown attack vectors.

Timeline

Published on: 11/15/2022 21:15:00 UTC
Last modified on: 11/17/2022 05:21:00 UTC
