lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAOzeT81pXps8-cqAg+ndcVkK39Sr2ZYEcOqc_TuAdSq+JabUxQ@mail.gmail.com>
Date: Wed, 23 Jul 2014 23:59:45 -0400
From: Seth Art <sethsec@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2014-2226: Ubiquiti Networks - UniFi Controller -
 Admin/root password hash sent via syslog

-----------
Vendor:
-----------
Ubiquiti Networks (http://www.ubnt.com/)

----------------------------------------------
Affected Products/Versions:
----------------------------------------------
UniFi Controller v2.4.6
Note: Previous versions may be affected

-----------------
Description:
-----------------
Title: Admin/Root password hash sent via syslog messages
CVE: CVE-2014-2226
CWE: http://cwe.mitre.org/data/definitions/319.html
Detailed writeup: http://sethsec.blogspot.com/2014/07/cve-2014-2226.html
Researcher: Seth Art - @sethsec

If remote logging is enabled on the UniFi controller, syslog messages
are sent to a syslog server.  Contained within the syslog messages is
the admin password that is used by both the UniFi controller, and all
managed Access Points.  This CVE was assigned as there is no utility
for sending the admin password hash via syslog messages.

------
POC:
------
Not Applicable.

-------------
Solution:
-------------
UniFi Controller - Upgrade to UniFi Controller v3.2.1 or greater

-----------------------------
Disclosure Timeline:
-----------------------------
2014-02-16: Notified Ubiquiti of vulnerabilities in UniFi and mFi products
2014-02-17: Ubiquiti acknowledges and requests details
2014-02-17: Report with POC sent to Ubiquiti
2014-02-19: Asks Ubiquiti to confirm receipt of report
2014-02-19: Ubiquti confirms receipt of report and existence of the
vulnerabilities
2014-02-28: CVE-2014-2226 assigned
2014-03-12: Requested status update
2014-03-27: Requested status update
2014-04-07: Requested status update
2014-04-09: Ubiquiti provides timeline for solution
2014-05-30: Requested status update
2014-06-12: Requested status update
2014-06-12: UniFi 3.2.1 is released
2014-06-13: Set public disclosure date of 2014-07-24
2014-07-24: Public disclosure

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists