[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FD] Critical Vulnerability in Ubiquiti UniFi
- To: Tim Schughart <t.schughart@xxxxxxxxxxxxxxxxxxx>, fulldisclosure@xxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx
- Subject: Re: [FD] Critical Vulnerability in Ubiquiti UniFi
- From: Gregory Sloop <gregs@xxxxxxxxx>
- Date: Tue, 4 Oct 2016 08:53:59 -0700
I attempted private contact with Tim Pham and via email 12+ hours ago, but
received no response since then.
I've spent some time trying to reproduce the reported vulnerability and have
had no success. It certainly doesn't help that the steps to reproduce it are so
poorly described or documented.
Without better documentation of the exploit, it seems impossible to determine
if the report is just mis-informed, blatantly false, or if perhaps there's some
step/process I don't understand or am missing.
In every attempt I've made the binding of MongoBD to 127.0.0.1 is effective and
non-local connection attempts are refused, as one would expect.
A swift response from Prosec Networks [prosec-networks.com] would be most
helpful.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/