Hacker News

nightpool last Friday at 6:25 PM

Can you speak a little bit more to the stats in the OP?

* 135k+ OpenClaw instances are publicly exposed

* 63% of those run zero authentication. Meaning the "low privilege required" in the CVE = literally anyone on the internet can request pairing access and start the exploit chain

Is this accurate? This is definitely a very different picture than the one you paint.


Replies

stingraycharles yesterday at 4:28 AM

That’s surprising, as the OpenClaw installation makes it pretty difficult to run without auth and explicit device pairing (I don’t even know if that’s possible).

steipete yesterday at 1:55 PM

Honestly that seems like total guesswork. There's a lot of FUD going around, or people running portscans and assuming just because they detect a gateway on a port, that they can connect to it. That’s not the case.

jeremie_strand yesterday at 11:07 AM

[dead]