CVE-2024-26136
📋 TL;DR
This CVE exposes Discord account access tokens in the config.json file of kedi ElectronCord, a Discord bot management tool. Attackers who obtain these tokens could impersonate the bot owner and access sensitive Discord data or perform unauthorized actions. Users of ElectronCord who haven't rotated their tokens are affected.
💻 Affected Systems
- kedi ElectronCord
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover allowing attackers to read private messages, access server data, send malicious messages, delete channels, and perform administrative actions as the bot owner.
Likely Case
Unauthorized access to Discord bot functionality, potential data exfiltration from Discord servers, and malicious message posting.
If Mitigated
Limited impact if tokens are rotated immediately and proper access controls are in place.
🎯 Exploit Status
Exploitation requires access to the config.json file, which could be obtained through file system access, misconfigured permissions, or repository exposure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 and later
Vendor Advisory: https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8
Restart Required: Yes
Instructions:
1. Update to the latest ElectronCord version.
2. Rotate all exposed Discord tokens immediately.
3. Remove any config.json files containing tokens from version control or public access.
🔧 Temporary Workarounds
Token Rotation (all platforms)
Generate new Discord bot tokens and replace the exposed ones.
Navigate to Discord Developer Portal > Applications > Your Bot > Bot > Reset Token
Config File Protection (Linux)
Secure config.json with owner-only permissions and exclude it from version control:
chmod 600 config.json
Add config.json to .gitignore
🧯 If You Can't Patch
- Immediately rotate all Discord bot tokens through Discord Developer Portal
- Restrict file system access to config.json and monitor for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check whether config.json contains Discord bot tokens in plaintext, and verify that the ElectronCord checkout predates commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041.
Check Version:
git log --oneline -1
Verify Fix Applied:
Confirm that config.json no longer contains plaintext tokens and that ElectronCord is updated to commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 or later.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized Discord API calls from unexpected IPs
- Failed authentication attempts for rotated tokens
- Unusual bot activity patterns
Network Indicators:
- Discord API requests with revoked tokens
- Unexpected bot command executions
SIEM Query:
(source="discord_api" AND (token_rotation_event OR failed_auth)) OR (process="ElectronCord" AND file_access="config.json")
🔗 References
- https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041
- https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8