Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5
During a penetration test for a customer, we briefly assessed Vaultwarden, an open-source online password safe. In June 2024, the German Federal Office for Information Security (BSI) published the results of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during our assessment. However, only a quick look was needed to find some glaring issues with the authentication.
Announcement: Progress / Kemp LoadMaster CVE-2024-7591
Hey everybody,
during a recent Red Teaming engagement, Marius Walter from ERNW found a command injection issue in Progress (Kemp) LoadMaster. It was registered as CVE-2024-7591 and scores a CVSS of 10.0.
The vendor already has patches out; make sure to apply them, as this is a highly severe issue. You can find the official announcement and the patch references on the official support page.
Marius will follow up with a technical blog post on this issue once we think everybody had a realistic chance of applying the patches.
Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios
Apple Automated Device Enrollment (ADE) is presented as a way to automate and simplify the enrollment process of Apple devices within Mobile Device Management (MDM) solutions. This blog post is aimed at organizations currently planning or already using this feature, and it makes you, the reader, aware of potential limitations of this process that might otherwise not be clearly addressed in your company's device management process.
CrowdStrike: What is the worldwide BSOD all about?
This article is about the massive BSOD triggered by CrowdStrike worldwide on July 19. Analysis and information from CrowdStrike or other sources are regularly published, completing what is expressed here. Updates may also be provided in the future.
Disclosure: Apple ADE – Network Based Provisioning Bypass
Mobile Device Management (MDM) solutions are used to centrally manage mobile devices in corporate environments. This includes monitoring the device, automatically installing or removing apps and certificates, and restricting functionality. Even though MDM solutions exist for multiple vendors, we will look specifically at Apple devices enrolled via Intune. When an Apple device is registered for Automated Device Enrollment (ADE), it will automatically download and apply the MDM policies during the initial setup and prior to the first boot.
During a customer project, we identified a network-based provisioning bypass which prevents the iPad from fetching and applying the provisioning profiles.
BMBF UNCOVER – Monitoring of Security Incidents in Vehicles
English Abstract
For the realization and introduction of autonomous vehicles, the safe interaction of functions, systems and services as well as their monitoring over the entire product life cycle is essential. An exclusive security-by-design approach is no longer sufficient and must be continuously supported by feedback obtained from in-the-wild operation. This is where the recently successfully completed joint project BMBF UNCOVER comes into play, which targets the requirements of the standards ISO/SAE 21434 (Road vehicles – Cybersecurity engineering) and ISO 21448 (Road vehicles – Safety of the intended functionality (SOTIF)).
TROOPERS24 Agenda Preview: Active Directory & Entra ID Security Track
Hi,
are you curious about the agenda of the Active Directory & Entra ID security track at TROOPERS24? Here's a sneak peek of the already published talks:
Security Advisory: Achieving PHP Code Execution in ILIAS eLearning LMS before v7.30/v8.11/v9.1
During my Bachelor’s thesis, I identified several XSS vulnerabilities and a PHP Code Execution vulnerability via an insecure file upload in the learning management system (LMS) ILIAS. The XSS vulnerability can be chained with the code execution vulnerability so that attackers with tutor privileges in at least one course can perform this exploit chain.
Linux Character Devices: Exploring systemd-run and pkexec
In this blog post, we quickly look into issues involving character devices. As is typical for Linux, everything is a file, so character devices are referenced as files, such as pseudo terminals (pts) under /dev/pts/. man pty briefly introduces the topic. Essentially, a pty is used to connect a program, such as a terminal emulator, to a shell. In the end, a pty can be read from and written to like a regular file. A colleague already brought up the topic of ptys and character devices, but more recently a Twitter post and the accompanying advisory piqued my interest.
Is Google Play Protect a Reliable Malware Detector?
Google Play Protect is a built-in Android solution that enhances device security. Its main job is to detect and block malware on Android devices. Several malware families have been known to bypass Play Protect checks in recent years. This brings us to an important question: "Is Google Play Protect a Reliable Malware Detector?" This blog post shows how Play Protect deals with various Android malware in different scenarios. I treat Play Protect as a black box.