(npub1ajw…aj8d) Yes, webfinger is out of scope, and as far as I know Pleroma was vulnerable because it didn't do proper validation during reverse webfinger lookups... Is that right?
I don't know much about it. Mitra doesn't perform reverse webfinger lookups at all
silverpill /
npub1df…27gmw
2024-06-03 00:12:34
in reply to nevent1q…t6qs
Author Public Key
npub1df0nthpgzfmvxrzj0cfypmmt45l0y770j260auqhm3l45hp3uhkqx27gmwPublished at
2024-06-03 00:12:34Event JSON
{
"id": "273871a0436b8604b3d6fd54d2667e6b35a52e83ae0b45b55b9572e27147937c",
"pubkey": "6a5f35dc281276c30c527e1240ef6bad3ef27bcf92b4fef017dc7f5a5c31e5ec",
"created_at": 1717373554,
"kind": 1,
"tags": [
[
"p",
"ec9dae9b3dc5951ac7d6cb7070d9c8bcf3998ed72fe4931906e6c7a5ead51ad8",
"wss://relay.mostr.pub"
],
[
"e",
"f1274aef17dfb579d94eee909ea467161c576d5cc87ba7d69d78b3f75f14996d",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://mitra.social/objects/018fdb70-d0fb-d95d-c40d-f3abee82409a",
"activitypub"
]
],
"content": "nostr:npub1ajw6axeack23437kedc8pkwghneenrkh9ljfxxgxumr6t6k4rtvqecaj8d Yes, webfinger is out of scope, and as far as I know Pleroma was vulnerable because it didn't do proper validation during reverse webfinger lookups... Is that right?\nI don't know much about it. Mitra doesn't perform reverse webfinger lookups at all",
"sig": "b3813d9352981e82ffd73197fd4bf2e5cbb4fd0ad9467b5c2d007b0f057ba0ea4939d94f2b3bb739193fb35f0ffef229aec5a18fd8a09b1b040050d73da828da"
}