disclosure – Insinuator.net

September 3, 2024 by Florian Kiersch

Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios

Apple Automated Device Enrollment (ADE) is presented as a way to automate and simplify the enrollment process of Apple devices within Mobile Device Management (MDE) solutions. This blog post is aimed at organizations currently planning or even already using this feature and making you, the reader, aware of potential limitations of this process that might otherwise not be clearly addressed in your companies’ device management process.

Continue reading “Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios”

Breaking

August 9, 2024 by Jan Ruge

Disclosure: Apple ADE – Network Based Provisioning Bypass

Mobile Device Management (MDM) solutions are used to centrally manage mobile devices in corporate environments. This includes the monitoring of the device, automatic installation/removal of apps or certificates and restrict the functionality. Even though MDM solutions exist for multiple vendors, we will look specifically on Apple devices enrolled via Intune. When an Apple device is registered for Automated Device Enrollment (ADE), it will automatically download and apply these policies during the initial setup and prior to the first boot.

During a customer project, we identified a network-based provisioning bypass which prevents the iPad to fetch and apply the provisioning profiles. Continue reading “Disclosure: Apple ADE – Network Based Provisioning Bypass”

Breaking

May 22, 2024 by Daniel Schlecht

Security Advisory: Achieving PHP Code Execution in ILIAS eLearning LMS before v7.30/v8.11/v9.1

During my Bachelor’s thesis, I identified several XSS vulnerabilities and a PHP Code Execution vulnerability via an insecure file upload in the learning management system (LMS) ILIAS. The XSS vulnerability can be chained with the code execution vulnerability so that attackers with tutor privileges in at least one course can perform this exploit chain.

Continue reading “Security Advisory: Achieving PHP Code Execution in ILIAS eLearning LMS before v7.30/v8.11/v9.1”

Breaking

April 25, 2024 by Florian Bausch

Breaking GLS Parcel Tracking

Recently, we held a talk at the Winterkongress¹ of the Digitale Gesellschaft Schweiz in Winterthur, Switzerland, about our research project on breaking German parcel tracking sites. We could not name all the parcel services for which we identified vulnerabilities respecting disclosure timelines. Today, we describe our findings at GLS, another player in the German parcel market, and the disclosure process of corresponding vulnerabilities.

Continue reading “Breaking GLS Parcel Tracking”

Breaking

April 10, 2024 by Florian Bausch

Breaking UPS Parcel Tracking

Today, we describe our findings at United Parcel Service of America, Inc. (UPS), another German parcel market player, and the corresponding vulnerabilities’ disclosure process.

Continue reading “Breaking UPS Parcel Tracking”

Breaking

October 10, 2023 by Nils Emmerich

Lua-Resty-JWT Authentication Bypass

I was writing some challenges for PacketWars at TROOPERS22. One was intended to be a JWT key confusion challenge where the public key from an RSA JWT should be recovered and used to sign a symmetric JWT. For that, I was searching for a library vulnerable to JWT key confusion by default and found lua-resty-jwt. The original repository by SkyLothar is not maintained and different from the library that is installed with the LuaRocks package manager. The investigated library is a fork of the original repository, maintained by cdbattags in version 0.2.3 and was downloaded more than 4.8 million times according to LuaRocks.

While looking at the source code I found a way to circumvent authentication entirely.

Continue reading “Lua-Resty-JWT Authentication Bypass”

Breaking

September 12, 2023 by Florian Bausch

Breaking DPD Parcel Tracking

This blog post is the continuation of our parcel research. We already reported about how we broke parcel tracking at DHL and the disclosure process of the identified problems. As DHL is not the only parcel service in Germany, we also investigated the other available parcel services. In this blog post, we want to talk about DPD, also called Geopost, which belongs to the French Post Office.

Continue reading “Breaking DPD Parcel Tracking”

Breaking

July 29, 2021 by Julian Suleder

ManiMed: Ypsomed AG – mylife YpsoPump System Vulnerabilities

Manipulating Medical Devices

The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].

Continue reading “ManiMed: Ypsomed AG – mylife YpsoPump System Vulnerabilities”