TTP-03-003 WP1: rdsys moat X-Forwarded-For
Vulnerability type: TTP-03-003 WP1: rdsys moat unconditionally trusts X-Forwarded-For
Threat level: _Medium_
While testing the rdsys moat circumvention settings distributor, it was discovered that the server trusted the X-Forwarded-For header unconditionally, without offering a configurable "trust proxy" setting. In a deployment where the moat distributor is not behind a trusted reverse proxy, this would allow clients to spoof their IP address, fostering Sybil attacks against the distributor (its per-IP rate limiting and bridge-assignment logic key on the client address the header supplies).
Affected file: pkg/presentation/distributors/moat/web.go
Affected function: ipFromRequest
A trusted-proxies configuration option should be implemented, stating explicitly how many proxies the server trusts. Only that many trailing X-Forwarded-For entries would then be believed, and with zero trusted proxies the header would be ignored in favour of the TCP peer address. This prevents abuse of the otherwise overly trusting configuration.
We need a mitigation plan for this issue by the end of February.
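The following is an added illustration of the recommended fix, not rdsys code: `clientIPUnconditional` mirrors the trusting pattern the finding describes, and `clientIP` takes a hypothetical operator-configured `trustedProxies` count and believes only that many trailing hops of the X-Forwarded-For chain. Function names and the trusted-proxy setting are assumptions for this example.

```go
package main

import (
	"net"
	"net/http"
	"strings"
)

// The pattern the finding describes: the first X-Forwarded-For entry is
// believed no matter who wrote it, so a client can pick its own "IP".
func clientIPUnconditional(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	host, _, _ := net.SplitHostPort(r.RemoteAddr)
	return host
}

// Hardened version. trustedProxies is the operator-configured count of
// reverse proxies in front of the server (hypothetical setting); only that
// many trailing hops are believed, and with 0 the header is ignored.
func clientIP(r *http.Request, trustedProxies int) string {
	peer := r.RemoteAddr
	if host, _, err := net.SplitHostPort(peer); err == nil {
		peer = host
	}
	if trustedProxies <= 0 {
		return peer
	}
	// hops: every address in the chain, XFF entries first, TCP peer last.
	var hops []string
	for _, v := range r.Header.Values("X-Forwarded-For") {
		for _, p := range strings.Split(v, ",") {
			if p = strings.TrimSpace(p); p != "" {
				hops = append(hops, p)
			}
		}
	}
	hops = append(hops, peer)
	// Each trusted proxy added exactly one trailing hop; the entry before
	// those is the client. Too few hops means the proxies were bypassed, so
	// only the TCP peer can be believed.
	idx := len(hops) - 1 - trustedProxies
	if idx < 0 || net.ParseIP(hops[idx]) == nil {
		return peer
	}
	return hops[idx]
}
```

A client connecting directly and sending its own X-Forwarded-For gets its chosen address from the unconditional version but its real peer address from the hardened one.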