[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] F5 BIG-IQ authed arbitrary user password change

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: Re: [FD] F5 BIG-IQ authed arbitrary user password change
From: Brandon Perry <bperry.volatile@xxxxxxxxx>
Date: Thu, 1 May 2014 19:19:39 -0500

Nm on ExploitHub. Here is the module:

https://gist.github.com/brandonprry/2e73acd63094fa2a4f63



On Thu, May 1, 2014 at 5:10 PM, Brandon Perry <bperry.volatile@xxxxxxxxx>wrote:

> Hi,
>
> Detailed at this blog post (with pics!) is a vulnerability within F5
> BIG-IQ 4.1.0.2013.0.
>
>
> http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html
>
> A module for this will be uploaded to ExploitHub this evening that will
> change the root users password and log in over SSH.
>
> Tune in next week for even more F5 fun!
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] F5 BIG-IQ authed arbitrary user password change
  - From: Brandon Perry

Prev by Date: [FD] F5 BIG-IQ authed arbitrary user password change
Next by Date: [FD] OAuth 2.0 and OpenID vulnerable to Covert Redirect
Previous by thread: [FD] F5 BIG-IQ authed arbitrary user password change
Next by thread: Re: [FD] F5 BIG-IQ authed arbitrary user password change
Index(es):
- Date
- Thread