Re: [FD] QNAP TS-469U shadow file world readable
Hi, the same holds for a QNAP TS-459U. Besides, the shadow file on that box contains MD5 hashes without salt. Cheers, Erik -- La perfection est atteinte non quand il ne reste rien ajouter, mais quand il ne reste rien à enlever. -- Antoine de Saint-Exupéry On Fri, Jul 11, 2014 at 11:13:32AM +0200, Joerg Mertin wrote: > I can confirm that... QNap SS-839 > > [/etc] # pwd > /etc > [/etc] # ls -l shadow > lrwxrwxrwx1 adminadminist 13 Aug 15 2013 shadow -> > config/shadow > [/etc] # ls -l config/shadow > -rw-r--r--1 adminadminist 455 Jun 25 2013 config/shadow > > That is also the reason that my NAS has no access (actively blocked IP > address > on firewall to deny access out the world interface). > I had notified QNap of that some years back - and as they didn't react, > implemented my own countermeasures where one is to disallow access to the > Internet. > > On Friday 11 July 2014 10:55:22 Melchior Limacher wrote: > > [cid:image001.png@01CF9CF6.9CE624D0] > > > > [cid:image002.png@01CF9CF6.9CE624D0] > > > > > > Cheers > > -- > We are Pentium of Borg. Division is futile. You will be approximated. > (seen in someone's .signature) > > Joerg Mertin in Clermont/France > Web: http://www.solsys.org > PGP: Public Key Server - Get "0x159DC660F946126F" > > > ___ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ ___ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Re: [FD] [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
Hi, On Tue, Dec 27, 2016 at 09:01:49AM -0800, Tim wrote: > [...] > > > > But there still are people who use CBC... > > [...] > > All traditional modes that lack integrity protection are vulnerable to > chosen-ciphertext attacks in these kinds of scenarios. > [...] > All traditional modes need a MAC or similar integrity protection. That is correct. > In light of that, there's > nothing particularly wrong with using CBC, if it is implemented well. > At least, using it is not *more* wrong than using OFB, CFB, or CTR That is wrong. CBC mode allows attacks such as "Sweet32" (https://sweet32.info/), which is not possible with CTR mode. > without integrity protection. Correct again, but too simple minded. Any encryption without integrity protection does not provide confidentiality against an active attacker. Using the wrong mode with a block cipher can render authentication irrelevant in attacks on confidentiality. > [...] > We should instead be pointing developers in > the direction of using something off-the-shelf [...]. > Much less room for error. That is sound advice. In addition, broken ciphers, modes, and protocols still implemented for backwards compatibility should not be used. Thanks, Erik -- [A]pplied cryptography mostly sucks. -- Green's law of applied cryptography ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/