LocalSend is Vulnerable to Man-in-the-Middle Attacks, Leading to File Interception

LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle (MitM) vulnerability in the software's discovery protocol allows an unauthenticated attacker on the same local network to impersonate legitimate devices, silently intercepting, reading, and modifying any file transfer. This can be used to steal sensitive data or inject malware, like ransomware, into files shared between trusted users. The attack is hardly detectable and easy to implement, posing a severe and immediate security risk. This issue was fixed in version 1.17.0.

N/A

通道可被非端点访问(中间人攻击)

LocalSend 安全漏洞

LocalSend是LocalSend开源的一个 AirDrop 的开源跨平台替代方案。 LocalSend 1.16.1及之前版本存在安全漏洞，该漏洞源于发现协议存在中间人攻击漏洞，可能导致文件传输拦截和修改。

N/A

N/A