What is the CSRF Vulnerability on Bitaxe/AxeOS? \ stacker news ~bitcoin

pull down to refresh

What is the CSRF Vulnerability on Bitaxe/AxeOS?xcancel.com/skot9000/status/1879637803405132110

460 sats \ 10 comments \ @Roll 16 Jan bitcoin_Mining

view all related items

54 sats \ 7 replies \ @WeAreAllSatoshi 16 Jan

I feel like this is very plausible to exist on other miner software that expects to be accessible only on LAN.

0 sats \ 6 replies \ @nikotsla 16 Jan

Indeed.

0 sats \ 5 replies \ @WeAreAllSatoshi 16 Jan

I don’t know the best way to raise this to the FutureBit team, but that’s one brand that comes to mind as being on to ensure they also aren’t susceptible

0 sats \ 4 replies \ @nikotsla 17 Jan

I don't think they have this kind of issue, from the pictures I saw, the front end is using a framework for sure, and any common one have this issues solved, at least the easy one.

In the case of bitaxe, i think that some common defensive behaviors are skipped to prioritize resource optimization, most of bitaxe don't have to be publicly expose.

0 sats \ 3 replies \ @Roll OP 17 Jan

it s from BitAxe Company the post so....

0 sats \ 1 reply \ @nikotsla 17 Jan

Thanks... I was talking about the FutureBit case.

0 sats \ 0 replies \ @Roll OP 17 Jan

lol ;)

0 sats \ 0 replies \ @nitter 17 Jan bot

https://xcancel.com/skot9000/status/1879619581884481829

7 sats \ 1 reply \ @sasasuina 16 Jan

CSRF vulnerabilities can be quite fun. A few years ago, I found one on the website of the company I was working for. If you clicked on the URL I sent, you’d end up posting on the website without even realizing it! 🤣

0 sats \ 0 replies \ @Roll OP 16 Jan