| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Oct 2016 16:03:57 +0200 From: Tim Schughart <t.schughart@...sec-networks.com> To: Gregory Sloop <gregs@...op.net>, fulldisclosure@...lists.org, webappsec@...urityfocus.com, bugtraq@...urityfocus.com Cc: "Khanh Quoc. Pham" <k.pham@...sec-networks.com> Subject: [FD] Ubiquiti Hi, please let us communicate directly and not via Mailinglists, because this results in flooding and is not important to all other people. If there is an final result, weather the PoC has got an mistake or not, we can publish the result. If there are other products affected we don’t know - this was not mentioned in the disclosure (The PoC is only for the OS X Software combined with an AP AC Lite), so we can’t give an statement to other products of the vendor. If nobody is able to get the PoC working, like I said above, maby we made an mistake, I will not distance me from making a mistake, I think the vuln should not be seen as too critical. But what you all approved is that if the database runs locally the following scenario should be bullet proof: All, by the management software, managed devices could be compromised if the pc get’s infected, because the database has absolutely no authentication and you are able to reset the local admins web interface password. This would reduce the CVSSv3 to 6.3 and change they vuln type to „privilege escalation“, combined with broken authentication even without an "scope change": CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H Do you agree? I’m looking forward to minimize our "race time condition denial of service", to deliver fast results in future :-P Best regards / Mit freundlichen Grüßen Tim Schughart CEO / Geschäftsführer -- ProSec Networks e.K. Ellingshohl 82 56076 Koblenz Website: https://www.prosec-networks.com E-Mail: t.schughart@...sec.networks.com Mobile: +49 (0)157 7901 5826 Phone: +49 (0)261 450 930 90 "This E-Mail communication may contain CONFIDENTIAL, PRIVILEGED and/or LEGALLY PROTECTED information and is intended only for the named recipient(s). Any unauthorized use, dissemination, copying or forwarding is strictly prohibited. If you are not the intended recipient and have received this email communication in error, please notify the sender immediately, delete it and destroy all copies of this E-Mail. VAT ID: DE290654714 legal domicile Koblenz, HRA 21621.“ "Diese E-Mail Mitteilung kann VERTRAULICHE, dem BERUFSGEHEIMNIS UNTERLIEGENDE und/oder RECHTLICH GESCHÜTZTE Informationen enthalten und ist ausschließlich für den/die genannten Adressaten bestimmt. Jede unbefugte Nutzung, Weitergabe, Vervielfältigung oder Versendung ist strengstens verboten. Sollten Sie nicht der angegebene Adressat sein und diese E-Mail Mitteilung irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, löschen diese E-Mail und vernichten alle Kopien. USt-IdNr.: DE290654714, Amtsgericht Koblenz, HRA 21621." _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists