OpenClaw ecosystem still suffering severe security issues

"If an OpenClaw user running a vulnerable version and configuration clicked on that link, an attacker could then trigger a cross-site WebSocket hijacking attack because the polyonymous AI project's server doesn't validate the WebSocket origin header. This means the OpenClaw server will accept requests from any website. A maliciously crafted webpage, in this case, can execute client-side JavaScript code on the victim's browser to retrieve an authentication token, establish a WebSocket connection to the server, and use that token to pass authentication."
"Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits. The initial hype around the renamed OpenClaw has died down somewhat compared to last week, although security researchers say they continue to find holes in a technology designed to make life easier for users, not more onerous."
OpenClaw continues to exhibit serious security flaws across multiple projects as teams apply patches for bot takeover and remote code execution exploits. A one-click RCE chain demonstrated by Mav Levin leverages the lack of WebSocket Origin header validation to enable cross-site WebSocket hijacking when a user visits a malicious webpage. The webpage's JavaScript can retrieve an authentication token, open a WebSocket, disable sandboxing and prompt protections, and send a node.invoke request to execute remote code. The OpenClaw team patched the vulnerability quickly. Jamieson O'Reilly acknowledged the find and joined the project to help with security. Moltbook, a separate AI-agent social network coded by Matt Schlicht, also has reported issues.
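The missing check described above, sketched as an added example (not OpenClaw's code or its actual patch): an exact-match Origin allowlist evaluated before a WebSocket upgrade is accepted. The allowlist entries, the port and the sample handshake headers are constructed for illustration.

```javascript
// Added example: Origin allowlist for a WebSocket upgrade handshake.
// ALLOWED_ORIGINS and the sample headers below are constructed values.
const ALLOWED_ORIGINS = new Set(["http://localhost:8080", "https://ui.example.test"]);

// Reduce an Origin header to scheme://host[:port]; return null if unusable.
function normalizeOrigin(header) {
  if (typeof header !== "string" || header === "" || header === "null") return null;
  let u;
  try {
    u = new URL(header);
  } catch {
    return null;
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  // A browser-sent Origin carries no userinfo, path, query or fragment.
  if (u.username || u.password || u.pathname !== "/" || u.search || u.hash) return null;
  return u.origin; // host lowercased, default port dropped
}

// Decide whether to complete the upgrade. Exact match only: prefix or
// substring checks would accept hosts such as localhost.attacker.example.
// Assumption: requests without an Origin are rejected; non-browser clients
// would need a separate, explicitly authenticated path.
function checkUpgrade(headers, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(headers["origin"]);
  if (origin === null) return { accept: false, reason: "missing or malformed Origin" };
  if (!allowed.has(origin)) return { accept: false, reason: `origin ${origin} not allowed` };
  return { accept: true, reason: "origin allowed" };
}

// Constructed handshake headers (keys lowercased, as Node's http module does).
const samples = [
  { origin: "http://localhost:8080" },
  { origin: "HTTPS://UI.Example.Test:443" },
  { origin: "https://attacker.example" },
  { origin: "http://localhost.attacker.example:8080" },
  { origin: "null" },
  {},
];
for (const h of samples) {
  const d = checkUpgrade(h);
  console.log(`${h.origin ?? "(none)"} -> ${d.accept ? "accept" : "reject"}: ${d.reason}`);
}
```

The decision has to be made on the server during the handshake, before any token is accepted over the socket, since the browser attaches the Origin header but does not enforce a same-origin policy on WebSocket connections.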
Read at Theregister