[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers

To: braillenote@xxxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
From: Sabahattin Gucukoglu <mail@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 1 Oct 2010 22:31:58 +0100

BrailleNote Apex offers telnet and FTP access on the standard ports, with 
read/write privilege on the entire file system, to all comers.  No 
authentication is required.  BrailleNote is unsafe on any network whose devices 
you are not in full charge of, and which (by NAT or firewall) does not protect 
BrailleNote from the Internet.

I am happy and sad.  In a chance port scan of my entire network looking for 
interesting services and protocols that were not accounted for by visible 
configuration options in all my devices, I found this disaster staring me in 
the face on the least likely candidate of them all.  On the one hand, now I 
don't need ActiveStink in order to access my files, over the network, from my 
Mac.  I want these services running, for sure (maybe just FTP) but dammit, 
authentication first!  On the other hand, there is no doubt my trust in 
HumanWare is badly dented, as I was clearly optimistic that they would, and 
did, do the right thing and secure the device firmware before shipping it.  
Anonymous FTP and telnet are obvious, easily found and effectively exploited.  
If it isn't configurable, it shouldn't be enabled.  I am quite sure this was 
the case before now.  The most likely explanation is a build with a test 
configuration and services for development still in use on the newest model; 
the 
 USB vendor string is further evidence of this.  Note to self: that popular 
expression about assumptions turns out to be true.

KeySoft version 9.0.2 build 756, Windows CE 6.0, with telnet and FTP services.

While we await an update that either disables the services or allows the user 
to specify the authentication credentials, do not use your BrailleNote Apex on 
any untrusted network, or if you are network administrator, temporarily 
prohibit these devices from connecting to your networks.  If "Bad guys" are on 
your network, the BrailleNote Apex is, alas, easy meat.

Cheers,
Sabahattin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] [Braillenote] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
  - From: Alex Hall
- Re: [Full-disclosure] [Braillenote] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
  - From: crazy-shawty aka everything you're muther wanted you to be but you aint quite turned out like me?

Prev by Date: [Full-disclosure] ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
Next by Date: Re: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
Previous by thread: [Full-disclosure] ZDI-10-190: Novell iManager getMultiPartParameters Arbitrary File Upload Remote Code Execution Vulnerability
Next by thread: Re: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
Index(es):
- Date
- Thread