We discovered several vulnerabilities in the Single Sign On components of WatchGuard: the protocol used is insecure and can be redirected, an interface based on the Telnet protocol contains a backdoor and the SSO Agent can be crashed by sending unexpected data.
Related Posts
We’ve published a blog post about a vulnerability we’ve discovered in Bitwarden at the beginning of 2023. It allowed accessing data from the vault without the password in certain circumstances.
On 2 October 2023 Jens Liebchen held the talk “Gezielter Ausnahmezustand – Penetrationstests” as part of the event Fachschaftstagung Ingenieurswissenschaften of the Cusanuswerk. The German language slides are available for download under Publications.
On 17 June 2024, Alexander Neumann will give a lecture at the Hasso Plattner Institut in Potsdam titled “Behind the Screens: Insights and Stories of Real-World Penetration Testing“. The slides are available for download under Talks.
As of today, RedTeam Pentesting’s website is available in a new design. Your feedback is welcome.
Alexander Neumann held the talk „Der Bitwarden-Biometrie-Unfall – Wenn ein Pentest nebenher einen kritischen Fehler im Passwort-Manager aufdeckt” at the event “Studierende treffen Alumni und Unternehmensexpert:innen” at the FH Aachen University of Applied Sciences. The German language slides are available for download under Publications.
A new version of monsoon has been released. Our new blog post covers the new features and improvements in detail.
We discovered several vulnerabilities in the Milesight UG67 Outdoor LoRaWAN Gateway. The device had an unprotected USB console allowing access to the root file-system for analysis, an undocumented default password usable for remote SSH login, a command execution circumventing the restricted shell and a local privilege escalation using ubus as well as a local privilege escalation using world-writeable webroot. The issues can be combined to allow privileged access from a remote connection.
RedTeam Pentesting has two new members: Severin Schüller and Vincent Drury reinforce the team as new penetration testers.
RedTeam Pentesting has a new member: Tobias Ferring reinforces the team as a new penetration tester.
RedTeam Pentesting has a new member: Frederic Gorski reinforces the team as a new penetration tester.
Our new blog post gives an overview of exploiting vulnerabilities in Ghostscript.
Our new blog post describes the exploitation of a remote code execution vulnerabiltiy in the open-source learning platform Moodle. A short summary of the vulnerability discovered by us can be found in the corresponding advisory Moodle: Remote Code Execution via Calculated Questions.
On 10 July 2024, Alexander Neumann will give the lecture “Behind the Screens: Insights and Stories of Real-World Penetration Testing“ in German at the IT Center of RWTH Aachen University. The lecture is public and takes place at 16:30 o’clock at the ITC lecture hall at Seffenter Weg 23.
New advisory released: STARFACE: Authentication with Password Hash Possible.
New advisory released: Skyhigh Security Secure Web Gateway: Information Disclosure Due to Same Origin Policy Bypass on Block Page.
New advisory released: Session Token Enumeration in RWS WorldServer.
New advisory released: D-Link DAP-X1860: Remote Command Injection .
New advisory released: Aptos Wisal Payroll Accounting Uses Hardcoded Database Credentials.
In our new blog post we discuss common misconceptions about login mechanisms using the example of a vulnerability in the web interface of STARFACE PBX.
Why Companies Need to Extend Penetration Testing to OT Environments