← Advisories

Sint Wind PI v01.26.19 Authentication Bypass

Critical

Advisory ID

ZSL-2018-5472

Release Date

05 June 2018

Vendor

Tonino Tarsi - https://github.com/ToninoTarsi/swpi

Affected Version

01.26.19

CVE

N/A

Tested On

SimpleHTTP/0.6 Python/2.7.3, Raspberry PI

Summary

A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind condition (and other meteo data) telephone answering machine. This implementation uses a Raspberry PI with an Huawei 3G dongle. The Sint Wind is compatible with different kind of Meteo Sensors (WH1080, WH3080, Davis, TX32, BMP085...).

Description

Insecure Direct Object Reference flaw allows retrieval of configuration file which contains authentication credentials to device and other nodes associated with it. The web application does not check for an authenticated session to access its resources allowing direct access to swpi.cfg (config file) which contains credentials.

Proof of Concept

sintwind_auth.txtTXT

Disclosure Timeline

28.05.2018Vulnerability discovered.

29.05.2018Vendor contacted with details sent.

29.05.2018Vendor replies: "You can just push request on the official report".

05.06.2018Public security advisory released.

Credits

Vulnerability discovered by Humberto Cabrera

References

[1]https://cxsecurity.com/issue/WLB-2018060047

[2]https://packetstormsecurity.com/files/148049

[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/144472

Changelog

05.06.2018Initial release

13.06.2018Added reference [1], [2] and [3]