Sint Wind PI v01.26.19 Authentication Bypass

2018.06.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Sint Wind PI v01.26.19 Authentication Bypass Title: Sint Wind PI v01.26.19 Authentication Bypass Advisory ID: ZSL-2018-5472 Type: Local/Remote Impact: Security Bypass, System Access Risk: (5/5) Release Date: 05.06.2018 Summary A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind condition (and other meteo data) telephone answering machine. This implementation uses a Raspberry PI with an Huawei 3G dongle. The Sint Wind is compatible with different kind of Meteo Sensors (WH1080, WH3080, Davis, TX32, BMP085...). Description Insecure Direct Object Reference flaw allows retrieval of configuration file which contains authentication credentials to device and other nodes associated with it. The web application does not check for an authenticated session to access its resources allowing direct access to swpi.cfg (config file) which contains credentials. Vendor Tonino Tarsi - https://github.com/ToninoTarsi/swpi Affected Version 01.26.19 Tested On SimpleHTTP/0.6 Python/2.7.3 Raspberry PI Vendor Status [28.05.2018] Vulnerability discovered. [29.05.2018] Vendor contacted with details sent. [29.05.2018] Vendor replies: "You can just push request on the official report". [05.06.2018] Public security advisory released. PoC sintwind_auth.txt Credits Vulnerability discovered by Humberto Cabrera - <humbe@zeroscience.mk> References N/A Changelog [05.06.2018] - Initial release Contact Zero Science Lab Web: http://www.zeroscience.mk e-mail: lab@zeroscience.mk


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top