Gregory's Server
"Mastodon vulnerability allows attackers to take over accounts"
Snopes: Mixed
It's a serious vulnerability for sure: "allowing attackers to impersonate users and take over their accounts"
But while this part is true: "allowing attackers to impersonate users"
This part is exaggerated: "and take over their accounts"
Impersonating remote users doesn't allow you to log in as them, change their email or password, etc. It allows people to submit forged posts by them, and "trick" Mastodon servers into accepting it. Either way, interesting that this leaks into the wider web.
RT: https://noauthority.social/users/Dan_Ramos/statuses/111871157549735051
Snopes: Mixed
It's a serious vulnerability for sure: "allowing attackers to impersonate users and take over their accounts"
But while this part is true: "allowing attackers to impersonate users"
This part is exaggerated: "and take over their accounts"
Impersonating remote users doesn't allow you to log in as them, change their email or password, etc. It allows people to submit forged posts by them, and "trick" Mastodon servers into accepting it. Either way, interesting that this leaks into the wider web.
RT: https://noauthority.social/users/Dan_Ramos/statuses/111871157549735051