Do we need to worry about vulnerabilities?
-
Having refreshed my build recently, I’ve noticed a number of modules flagging node modules as vulnerable, many high.
Is this something realistically we need to be concerned about?
-
@funkoid Generally no. If this was a public website with lots of users concurrently, maybe.
-
@sdetweil There is a new SSH security vulnerability identified in December, CVE-2023-48795. Any chance this would be a problem for this project in any way? I do know that it requires an active MITM (man in the middle). Short description below.

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message.
-
@mumblebaj Again, this is possible IF one of these systems is ON the internet… but typically this is a PC on the same house network as the Pi…
And 192.168, 172 and 10. networks are not routable over the internet, so your device would have to have an IP address on the other side of the ISP router… or an open port (port forwarding).
If you need remote SSH, use the stuff I started posting about here:
https://forum.magicmirror.builders/post/114693
I will never have another port forwarded port