Sint Wind PI v01.26.19 Authentication Bypass
Title: Sint Wind PI v01.26.19 Authentication Bypass
Advisory ID: ZSL-2018-5472
Type: Local/Remote
Impact: Security Bypass, System Access
Risk: (5/5)
Release Date: 05.06.2018
Summary
A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind condition (and other meteo data) telephone answering machine. This implementation uses a Raspberry PI with an Huawei 3G dongle. The Sint Wind is compatible with different kind of Meteo Sensors (WH1080, WH3080, Davis, TX32, BMP085...).
Description
Insecure Direct Object Reference flaw allows retrieval of configuration file which contains authentication credentials to device and other nodes associated with it. The web application does not check for an authenticated session to access its resources allowing direct access to swpi.cfg (config file) which contains credentials.
Vendor
Tonino Tarsi - https://github.com/ToninoTarsi/swpi
Affected Version
01.26.19
Tested On
SimpleHTTP/0.6 Python/2.7.3
Raspberry PI
Vendor Status
[28.05.2018] Vulnerability discovered.
[29.05.2018] Vendor contacted with details sent.
[29.05.2018] Vendor replies: "You can just push request on the official report".
[05.06.2018] Public security advisory released.
PoC
sintwind_auth.txt
Credits
Vulnerability discovered by Humberto Cabrera - <humbe@zeroscience.mk>
References
N/A
Changelog
[05.06.2018] - Initial release
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk