During a customer project we identified an issue with the validation of JWT tokens that allowed us to bypass authentication by using unsigned tokens with arbitrary payloads. During analysis we found out that this is caused by a vulnerability within the library OpenID Connect Authenticator for Tomcat.
Tag: pentest
Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5 - CVE-2024-55225
During a penetration test for a customer, we briefly assessed Vaultwarden, an open-source online password safe. In June 2024, the German Federal Office for Information Security (BSI) published results [1] of a static and dynamic test of the Vaultwarden server component. Therefore, only a partial source code audit was performed during our assessment. However, only a quick look was needed to find some glaring issues with the authentication.
Disclosure: Potential Limitations of Apple ADE in Corporate Usage Scenarios
Apple Automated Device Enrollment (ADE) is presented as a way to automate and simplify the enrollment process of Apple devices within Mobile Device Management (MDM) solutions. This blog post is aimed at organizations currently planning or already using this feature, and at making you, the reader, aware of potential limitations of this process that might otherwise not be clearly addressed in your company's device management process.
Disclosure: Apple ADE – Network Based Provisioning Bypass
Mobile Device Management (MDM) solutions are used to centrally manage mobile devices in corporate environments. This includes monitoring the device, automatically installing or removing apps and certificates, and restricting device functionality. Even though MDM solutions exist for multiple vendors, we will look specifically at Apple devices enrolled via Intune. When an Apple device is registered for Automated Device Enrollment (ADE), it will automatically download and apply these policies during the initial setup and prior to the first boot.
During a customer project, we identified a network-based provisioning bypass which prevents the iPad from fetching and applying the provisioning profiles.
ManiMed: Ypsomed AG – mylife YpsoPump System Vulnerabilities
Manipulating Medical Devices
The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Disclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
ManiMed: Hamilton Medical AG – HAMILTON-T1 Ventilator Vulnerabilities
Manipulating Medical Devices
The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Disclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
ManiMed: B. Braun Melsungen AG – Space System Vulnerabilities
Manipulating Medical Devices
The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Disclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
ManiMed: Innokas Yhtymä Oy – VC150 Patient Monitor Vulnerabilities
Manipulating Medical Devices
The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Disclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
ManiMed: Philips Medizin Systeme Böblingen GmbH – IntelliVue System Vulnerabilities
Manipulating Medical Devices
The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Disclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
Yet Another Information Disclosure?
Hey there, for those of you who roll your eyes when writing the nth Information Disclosure finding in a report, here is a short story of how such information helped compromise a system.