| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1164933728.20161004085359@sloop.net> Date: Tue, 4 Oct 2016 08:53:59 -0700 From: Gregory Sloop <gregs@...op.net> To: Tim Schughart <t.schughart@...sec-networks.com>, fulldisclosure@...lists.org, bugtraq@...urityfocus.com, webappsec@...urityfocus.com Cc: "Khanh Quoc. Pham" <k.pham@...sec-networks.com> Subject: Re: [FD] Critical Vulnerability in Ubiquiti UniFi I attempted private contact with Tim Pham and via email 12+ hours ago, but received no response since then. I've spent some time trying to reproduce the reported vulnerability and have had no success. It certainly doesn't help that the steps to reproduce it are so poorly described or documented. Without better documentation of the exploit, it seems impossible to determine if the report is just mis-informed, blatantly false, or if perhaps there's some step/process I don't understand or am missing. In every attempt I've made the binding of MongoBD to 127.0.0.1 is effective and non-local connection attempts are refused, as one would expect. A swift response from Prosec Networks [prosec-networks.com] would be most helpful. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists