Operating system (linux, macos, or windows7/8/10?):
All operating systems (macOS, Windows 7/8/10, Linux)
Detailed Description
Electerm did not conduct permission checks, which led to remote command execution vulnerabilities.
After testing, it affected Electerm on all operating systems.
Steps to Reproduce
1. Open Electerm and keep it running.
2. Use a browser such as Chrome / Firefox / Safari to visit the malicious site I constructed: http://orz.weinull.com/orz-001.html
3. The malicious site executes a command to open the calculator.
Suggestions
Generate a random token for service invocation at startup, and at the same time ensure that the token has enough complexity that it cannot be guessed.
Electerm is a very good tool; I hope it develops even better.
@zxdong262 I downloaded the latest version (v1.3.25), and the test on macOS found that the token check did not take effect. I can still execute the command to open the calculator by visiting the malicious site provided.
I found the cause of the problem. After Electerm exits, there are still active processes (server.js). After I update the version, there are still old versions of the process, so I can still open the calculator. I need to restart the OS or kill the process to recover.
It is recommended to stop all active processes of Electerm after exiting to avoid resource occupation.
Electerm version:
All versions