Two findings, neither blocked by anything else:
1. src/app/callback/page.js — the OAuth callback page posted the
{ code, state } payload to window.opener with targetOrigin "*", so any
page that opened the popup against the well-known redirect_uri received
the live OAuth code. The expectedOrigins list was already computed but
never used. Iterate over it and pass the origin per send.
2. open-sse/utils/proxyFetch.js — createBypassRequest() set
rejectUnauthorized: false on the HTTPS request that runs after the
Google-DNS-resolved real-IP fallback (used for cloudcode-pa.googleapis,
GitHub Copilot, Cursor, AWS LLM endpoints). Combined with servername:
parsedUrl.hostname this gave SNI-correct connections that nonetheless
ignored cert validation, so an on-path attacker could swap in their
own cert and read the user's API tokens / prompts. Drop the flag.
Detected by Aeon + semgrep (javascript.browser.security.wildcard-postmessage-configuration
+ problem-based-packs.insecure-transport.js-node.bypass-tls-verification).
Severity: HIGH (#1) / MEDIUM (#2).
CWEs: CWE-1385 (#1), CWE-295 (#2).
Co-authored-by: aeonframework <aeon@aeonframework.dev>
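Worked illustration of finding #1, added here as an example; it is not code from the repository or the commit. The names deliverOAuthResult, deliverOAuthResultUnsafe, makeFakeOpener and handleOAuthMessage are hypothetical, and the expected-origins list and payload are constructed sample data. The fake opener models the browser rule that a postMessage is delivered only when the receiving window's current origin equals targetOrigin (or targetOrigin is "*"), which is exactly why iterating the allow-list is safe: at most one send reaches the opener, and a hostile opener gets nothing.

```javascript
// Added example (not the project's code): the fix from finding #1.
// The popup's callback page must post { code, state } only to the origins
// it expects, one postMessage per origin, never with targetOrigin "*".
// All function names below are hypothetical, chosen for this illustration.

// Vulnerable form, kept for contrast: whatever page opened the popup
// receives the live OAuth code, regardless of its origin.
function deliverOAuthResultUnsafe(opener, payload) {
  opener.postMessage(payload, "*");
}

// Hardened form: one send per allow-listed origin. The browser delivers a
// message only if the opener's current origin equals targetOrigin, so at
// most one of these sends is delivered and a hostile opener receives none.
function deliverOAuthResult(opener, expectedOrigins, payload) {
  let attempted = 0;
  for (const entry of expectedOrigins) {
    let origin;
    try {
      origin = new URL(entry).origin; // normalise; reject malformed entries
    } catch {
      continue; // never fall back to "*" on a bad allow-list entry
    }
    if (origin === "null") continue; // never target the opaque origin
    opener.postMessage(payload, origin);
    attempted++;
  }
  return attempted;
}

// Stand-in for window.opener that models the browser's targetOrigin check.
function makeFakeOpener(actualOrigin) {
  const received = [];
  return {
    received,
    postMessage(data, targetOrigin) {
      if (targetOrigin === "*" || targetOrigin === actualOrigin) {
        received.push({ data, origin: actualOrigin });
      }
    },
  };
}

// Receiving side: the opener must also check event.origin and the CSRF
// state before using the code, since any page can postMessage into it.
function handleOAuthMessage(event, expectedOrigins, expectedState) {
  if (!expectedOrigins.includes(event.origin)) return null;
  const { code, state } = event.data || {};
  if (typeof code !== "string" || state !== expectedState) return null;
  return code;
}

// Constructed sample data for the demonstration.
const EXPECTED_ORIGINS = ["https://app.example", "https://staging.app.example"];
const SAMPLE_PAYLOAD = { code: "constructed-sample-code", state: "constructed-state" };

function demo() {
  const evil = makeFakeOpener("https://attacker.example");
  deliverOAuthResultUnsafe(evil, SAMPLE_PAYLOAD); // leaks the code
  const evilAfterFix = makeFakeOpener("https://attacker.example");
  deliverOAuthResult(evilAfterFix, EXPECTED_ORIGINS, SAMPLE_PAYLOAD);
  const legit = makeFakeOpener("https://app.example");
  deliverOAuthResult(legit, EXPECTED_ORIGINS, SAMPLE_PAYLOAD);
  return {
    leakedWithWildcard: evil.received.length,
    leakedAfterFix: evilAfterFix.received.length,
    deliveredToLegit: legit.received.length,
  };
}
```

On the receiving side, the check on event.origin matters as much as the targetOrigin on the sending side: postMessage into the opener is unauthenticated, so the origin of the callback popup must be verified before the code is exchanged.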
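Worked illustration of finding #2, added here as an example in Node; it is not the project's proxyFetch.js or createBypassRequest(). The names buildBypassRequestOptions, assertTlsVerified, certMatchesHost and bypassRequest are hypothetical, the hostname and resolved IP are constructed, and the forged certificate object is a constructed stand-in for what an on-path attacker would present. The point it shows: connecting to a resolved IP with host set to the IP and servername set to the original hostname keeps both SNI and certificate identity checking correct, so rejectUnauthorized: false was never needed for the fallback to work.

```javascript
// Added example (not the project's code): the fix from finding #2.
// After a real-IP fallback, connect to the resolved address but leave TLS
// verification enabled. Node sends `servername` as SNI and also uses it as
// the hostname for the certificate identity check, so the upstream cert
// must still be valid for the original host. Function names are hypothetical.
const https = require("https");
const tls = require("tls");

function buildBypassRequestOptions(parsedUrl, resolvedIp, method, headers) {
  return {
    host: resolvedIp,                    // TCP to the resolved IP, not local DNS
    port: parsedUrl.port || 443,
    path: parsedUrl.pathname + parsedUrl.search,
    method,
    servername: parsedUrl.hostname,     // SNI and cert identity check target
    headers: { ...headers, Host: parsedUrl.host },
    // rejectUnauthorized is deliberately absent: it defaults to true.
  };
}

// Guard against the regression: refuse to send a request whose options
// disable chain verification or replace the hostname check.
function assertTlsVerified(options) {
  if (options.rejectUnauthorized === false) {
    throw new Error("TLS verification disabled (rejectUnauthorized: false)");
  }
  if (typeof options.checkServerIdentity === "function" &&
      options.checkServerIdentity !== tls.checkServerIdentity) {
    throw new Error("custom checkServerIdentity overrides hostname validation");
  }
  return true;
}

// Run Node's own identity check on a (constructed) certificate object.
// tls.checkServerIdentity returns undefined on match, an Error otherwise.
function certMatchesHost(hostname, cert) {
  return tls.checkServerIdentity(hostname, cert) === undefined;
}

// What an on-path attacker's swapped-in cert looks like to the check the
// original code had switched off: a leaf issued for a different name.
function mitmCertRejected(hostname) {
  const forgedCert = {                   // constructed, not a real certificate
    subject: { CN: "evil.example" },
    subjectaltname: "DNS:evil.example",
  };
  return !certMatchesHost(hostname, forgedCert);
}

// Hardened request path: build options, assert they verify, then send.
function bypassRequest(parsedUrl, resolvedIp, method, headers, body, onResponse) {
  const options = buildBypassRequestOptions(parsedUrl, resolvedIp, method, headers);
  assertTlsVerified(options);
  const req = https.request(options, onResponse);
  if (body) req.write(body);
  req.end();
  return req;
}
```

The vulnerable form differed from buildBypassRequestOptions only by adding rejectUnauthorized: false; with that flag the SNI was right, the Host header was right, and the chain and hostname checks were skipped, which is the combination an on-path attacker needs. assertTlsVerified is the kind of guard worth keeping next to any code that builds its own TLS options, so the flag cannot quietly come back.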