Antsle Forum

Security issue: ability to see everyone's backups from AntMan.

I'm not sure how to reproduce. I think first I could not access my Antsle (the anthill daemon was not started, but I didn't know). So I deleted my Antsle from Anthill. Then I upgraded to AntMan 2.0 (nice UI!).

Then I was browsing the various pages, and when I clicked on "Heal Antlets", I was taken to a page with a list of what looked to be everyone's backups, starting from just a few days ago (note, I have been away from Antsle and Anthill for 7 months, but I was seeing a long list of recent backups, with delete buttons!).

Unfortunately I didn't take a screenshot.

Then I finally figured out I had to start anthilld in order to connect with Anthill. But before I did anything, I noticed anthilld was stuck in the "Stopping" state with three dots (maybe a bug after AntMan upgrade).

To fix the issue I disabled autostart (probably not necessary), I restarted my Antsle, and then I was able to start anthilld.

At this point, I was able to re-activate my Antsle on AntHill.

Then I went back to the "Heal Antlets" page, and now I saw an empty list, as I would've expected (I've never used the feature before).

I'm not sure how to reproduce, but I think maybe it had to do with being disconnected from AntHill, or possibly upgrading to AntMan 2.0.

Thanks for reaching out!

We found the issue on our end and released a hotfix that should prevent you (and other users) from seeing backups that don't belong to you. If you could do me a favor and confirm whether or not Heal Antlets works the way you would expect at this point, that would be helpful!

- Joe

Quote from Joe on December 31, 2019, 9:51 am

If you could do me a favor and confirm whether or not Heal Antlets works the way you would expect at this point,

At this point it is working, I see no backups as I haven't made any. I haven't tried replicating though. It must've been somewhere in between deleting the antsle from anthill, upgrading to AntMan 2.0, and re-adding back to anthill. Once I re-connected to anthill, the issue went away and I no longer saw other people's backups.

If I were gonna test this, I'd start with an Antsle with AntMan 1.0, turn it on (it doesn't connect to anthill because it needs antman 2.0 I think?), delete the antsle from anthill (it'll say it is offline, at least that's how mine was), update the antsle to antman 2.0, restart and make sure anthilld is started, and finally add the antsle back into anthill again.

That's basically what I did, and I noticed the issue because connecting to anthill again.
