← Back to team overview

linuxdcpp-team team mailing list archive

  1. linuxdcpp-team team
  2. Mailing list archive
  3. Message #08944

[Bug 1853692] [NEW] Remove hublist.eu Hublist

  Thread PreviousDate PreviousThread Next 
*** This bug is a security vulnerability ***

Public security bug reported:

Hello

I'm opening this issue as a SECURITY one because there is false keyprint
of ADCS hubs.

November 23rd 2019, when trying to parse hublist.eu hublist, I see:

>
adcs://hub.dcbase.org:16591/?kp=SHA256/PNIQER3LUSOKAHBM7NLL273AMF6UGT4LUD7G3A3VCGTILPGWMATQ

It's located in the tar.bz2 too.

Only the website shows the keyprint mismatch, the user with his client
does not see it.

We should remove this kind of hublist that provide false keyprint during
too many years without updating it

More over, I've tried to contact the hub owner May 3, 2019 (7months ago)
about this problem and no action has been taken!!

** Affects: airdcpp
     Importance: Undecided
         Status: New

** Affects: dcplusplus
     Importance: Undecided
         Status: New


** Tags: hublist security

** Information type changed from Private Security to Public Security

** Also affects: airdcpp
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1853692

Title:
  Remove hublist.eu Hublist

Status in AirDC++:
  New
Status in DC++:
  New

Bug description:
  Hello

  I'm opening this issue as a SECURITY one because there is false
  keyprint of ADCS hubs.

  November 23rd 2019, when trying to parse hublist.eu hublist, I see:

  >
  adcs://hub.dcbase.org:16591/?kp=SHA256/PNIQER3LUSOKAHBM7NLL273AMF6UGT4LUD7G3A3VCGTILPGWMATQ

  It's located in the tar.bz2 too.

  Only the website shows the keyprint mismatch, the user with his client
  does not see it.

  We should remove this kind of hublist that provide false keyprint
  during too many years without updating it

  More over, I've tried to contact the hub owner May 3, 2019 (7months
  ago) about this problem and no action has been taken!!

To manage notifications about this bug go to:
https://bugs.launchpad.net/airdcpp/+bug/1853692/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next