Password Vulnerability in Western Digital My Cloud

by Hilbert Hagedoorn on: 09/21/2018 08:33 AM | source: securify.nl | 1 comment(s)
It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An attacker can therefore gain full admin access to the device through its web portal without supplying a password, and with it full control of the My Cloud device.

Exploitee.rs independently discovered and disclosed the same vulnerability. It was verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. The issue is not limited to that model, since most products in the My Cloud series share the same (vulnerable) code.

There is currently no fix available.

Introduction

Western Digital My Cloud is a low-cost, entry-level network-attached storage device. It was discovered that the My Cloud is affected by an authentication bypass vulnerability that allows an unauthenticated user to create an admin session tied to that user's IP address. By exploiting this issue, an unauthenticated attacker can run commands that would normally require admin privileges and gain complete control of the My Cloud device. The issue was discovered while reverse engineering the CGI binaries to look for security issues.

Details

Whenever an admin authenticates, a server-side session is created that is bound to the user's IP address. After the session is created it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.

It was found that an unauthenticated attacker can create a valid session without authenticating. The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that, when invoked with the parameter flag equal to 1, starts an admin session tied to the IP address of the user making the request. Subsequent invocations of commands that would normally require admin privileges are then authorized if the attacker sets the username=admin cookie.
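To make the design flaw concrete, the following toy model is added here; it is not code from the securify.nl advisory, from Exploitee.rs, or from Western Digital's firmware. It puts the session logic the advisory describes (sessions keyed by client IP, identity taken from a client-controlled cookie, and a session created by an unauthenticated command) beside a corrected design in which a session exists only after a credential check, is identified by a random server-issued token, and stores the role server-side. The `Request` class, the `admin_module.cgi` / `privileged_command` names, the password and the IP addresses are constructed placeholders; only `network_mgr.cgi`, `cgi_get_ipv6`, `flag=1` and the `username=admin` cookie come from the text.

```python
"""Toy model of the session design described above (added example; not code
from the securify.nl advisory or from Western Digital's firmware). Every
class, field and sample value here is constructed for illustration."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for one HTTP request to a CGI module."""
    client_ip: str
    cgi: str
    command: str
    params: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


class WeakSessionStore:
    """Reproduces the three weaknesses the advisory describes: sessions are
    keyed by client IP only, the caller's identity is read from a
    client-controlled cookie, and an otherwise unprivileged command opens an
    admin session without any credential check."""

    def __init__(self, admin_password):
        self.admin_password = admin_password
        self.session_ips = set()  # "a session exists" == "this IP is in the set"

    def login(self, req, password):
        if password == self.admin_password:
            self.session_ips.add(req.client_ip)
            return True
        return False

    def handle(self, req):
        # Flawed path: cgi_get_ipv6 with flag=1 creates a session for the caller's IP.
        if req.cgi == "network_mgr.cgi" and req.command == "cgi_get_ipv6":
            if req.params.get("flag") == "1":
                self.session_ips.add(req.client_ip)
            return "ipv6 info"
        # Authorization = "a session exists for this IP" + "the cookie says admin".
        if req.client_ip in self.session_ips and req.cookies.get("username") == "admin":
            return f"admin ok: {req.command}"
        return "401"


class HardenedSessionStore:
    """Corrected design (an illustration, not the vendor's fix): a session is
    created only after a credential check, it is identified by a random
    bearer token rather than by IP, and the role lives server-side so the
    client cannot assert 'admin' through a cookie."""

    def __init__(self, admin_password):
        self.admin_password = admin_password
        self.sessions = {}  # token -> {"role": ..., "ip": ...}

    def login(self, req, password):
        # Constant-time comparison of the supplied password.
        if not hmac.compare_digest(password.encode(), self.admin_password.encode()):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self.sessions[token] = {"role": "admin", "ip": req.client_ip}
        return token

    def handle(self, req):
        # Unprivileged commands never touch the session store.
        if req.cgi == "network_mgr.cgi" and req.command == "cgi_get_ipv6":
            return "ipv6 info"
        sess = self.sessions.get(req.cookies.get("session", ""))
        if sess is not None and sess["role"] == "admin":
            return f"admin ok: {req.command}"
        return "401"


def unauthenticated_sequence(store, client_ip):
    """Replay the two-step sequence from the advisory against a store without
    ever calling login(): the cgi_get_ipv6 probe, then a privileged command
    (placeholder module and command name) sent with the username=admin cookie.
    Returns both responses so the two designs can be compared."""
    probe = Request(client_ip, "network_mgr.cgi", "cgi_get_ipv6", params={"flag": "1"})
    privileged = Request(client_ip, "admin_module.cgi", "privileged_command",
                         cookies={"username": "admin"})
    return store.handle(probe), store.handle(privileged)


if __name__ == "__main__":
    weak = WeakSessionStore("correct horse")          # constructed credential
    hardened = HardenedSessionStore("correct horse")
    print("weak:    ", unauthenticated_sequence(weak, "198.51.100.7"))
    print("hardened:", unauthenticated_sequence(hardened, "198.51.100.7"))
```

Against `WeakSessionStore` the second request is authorized even though `login()` was never called; against `HardenedSessionStore` it is rejected, because the store holds no session for any token the caller could present. The practical lesson for anyone reviewing similar embedded web code is that authorization must derive from server-side state created only by a credential check, never from a client-supplied claim combined with a per-IP flag.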

More at securify.nl

QuarantineMark
Junior Member



Posts: 1
Joined: 2014-12-24

#5588252 Posted on: 09/23/2018 11:07 PM
https://community.wd.com/t/my-cloud-authentication-bypass-09-21-2018/228533

Update 9/21/18: The issue stated below concerning an authentication bypass vulnerability has been addressed with a hotfix that can be immediately downloaded here: https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s

Guru3D.com © 2022