Sint Wind PI v01.26.19 Authentication Bypass Title: Sint Wind PI v01.26.19 Authentication Bypass Advisory ID: ZSL-2018-5472 Type: Local/Remote Impact: Security Bypass, System Access Risk: (5/5) Release Date: 05.06.2018 Summary A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind condition (and other meteo data) telephone answering machine. This implementation uses a Raspberry PI with an Huawei 3G dongle. The Sint Wind is compatible with different kind of Meteo Sensors (WH1080, WH3080, Davis, TX32, BMP085...). Description Insecure Direct Object Reference flaw allows retrieval of configuration file which contains authentication credentials to device and other nodes associated with it. The web application does not check for an authenticated session to access its resources allowing direct access to swpi.cfg (config file) which contains credentials. Vendor Tonino Tarsi - https://github.com/ToninoTarsi/swpi Affected Version 01.26.19 Tested On SimpleHTTP/0.6 Python/2.7.3 Raspberry PI Vendor Status [28.05.2018] Vulnerability discovered. [29.05.2018] Vendor contacted with details sent. [29.05.2018] Vendor replies: "You can just push request on the official report". [05.06.2018] Public security advisory released. PoC sintwind_auth.txt Credits Vulnerability discovered by Humberto Cabrera - <humbe@zeroscience.mk> References N/A Changelog [05.06.2018] - Initial release Contact Zero Science Lab Web: http://www.zeroscience.mk e-mail: lab@zeroscience.mk