DuckDuckGo disclosed a potentially nasty flaw in its server-side software

guest · Feb 2, 2019

DuckDuckGo disclosed a potentially nasty flaw in its server-side software
DuckDuckPwn (almost)
February 2, 2019
https://www.theregister.co.uk/2019/02/02/security_roundup_010219/

Drama in search engine land this week as Google-alternative DuckDuckGo disclosed a potentially nasty flaw in its server-side software.

Bug-hunter Michele Romano took credit for spotting and reporting an information-leaking vulnerability in backend servers that handled some user requests.

The XML External Entity vulnerability would have allowed an attacker to feed maliciously crafted XML files that had local paths embedded within them into DuckDuckGo's backend servers, causing those systems to cough up internal data [...] miscreants could have downloaded sensitive files and documents from the servers using dodgy XML files
Click to expand...

mirimir · Feb 3, 2019

I wonder what adversaries could have downloaded. I mean, DDG doesn't log stuff, right? So what would they have that's "sensitive"?

Daveski17 · Feb 3, 2019

That's quackers ...

Log in or Sign up

DuckDuckGo disclosed a potentially nasty flaw in its server-side software

guest Guest

mirimir Registered Member

Daveski17 Registered Member

Log in or Sign up

DuckDuckGo disclosed a potentially nasty flaw in its server-side software

guest Guest

mirimir Registered Member

Daveski17 Registered Member

Useful Searches