Ttyd vulnerability

anon50098793 · November 15, 2020, 12:00pm

not allowed to create threads under security announcements...

users of ttyd (luci-app-docker) are advised this package opens unauthenticated root access via lan... mitigation involves reconfiguring to require login.

uci -q set ttyd.@ttyd[0].command='/bin/login'
uci commit ttyd

anon50098793 · December 21, 2020, 12:35am

one month ( since reported... ) and still vulnerable...

vgaetera · December 21, 2020, 1:03am

@tsl0922

anon50098793 · February 12, 2021, 2:48pm

great to see this backdoor finally closed...

system · February 22, 2021, 2:48pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.