4 min
IoT
IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.
6 min
Vulnerability Disclosure
R7-2019-32: Denial-of-Service Vulnerabilities in Beckhoff TwinCAT PLC Environment
Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment.
11 min
Vulnerability Disclosure
R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)
This disclosure describes R7-2019-09, composed of three vulnerabilities in the Basic Laboratory Information System (BLIS). Due to flawed authentication and authorization verification, versions of BLIS < 3.5 are vulnerable to unauthenticated password resets (R7-2019-09.1), and versions of BLIS < 3.51 are vulnerable to unauthenticated enumeration of facilities and usernames (R7-2019-09.2) as well as unauthenticated updates to user information (R7-2019-09.3).
These vulnerabilities are summarized i
2 min
Vulnerability Management
August 2019 Microsoft Remote Desktop Services (RDP) Patches: What You Need to Know
A new set of vulnerabilities in RDP impacts every modern version of Windows. Here's what you need to know.
3 min
Vulnerability Disclosure
Zoom Video Snooping Security Flaw (CVE-2019-13450): What You Need to Know
Here's what you need to know about the recent Zoom vulnerability disclosure.
3 min
Windows
Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510)
CERT/CC has released an advisory regarding discovered behavior in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions.
9 min
Vulnerability Disclosure
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.
3 min
Vulnerability Disclosure
R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing
A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular Okta SSO configuration. Differences in response timing allow valid usernames to be distinguished from invalid ones.
3 min
Vulnerability Disclosure
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that runs in the context of the user's web browser, so the check is enforced by the client rather than by the device.
8 min
Vulnerability Management
Understanding Ubiquiti Discovery Service Exposures
On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.
3 min
Haxmas
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
5 min
Public Policy
Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure
In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.
8 min
Vulnerability Disclosure
Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up
Today (October 29, 2018) we are sharing several vulnerabilities that have been fixed in Rapid7 products and supporting services.
3 min
Vulnerability Disclosure
R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)
This post describes CVE-2018-5553, a vulnerability in the Crestron Console service that is preinstalled on the DGE-100. Due to a lack of input sanitization, this service is vulnerable to command injection that can be used to gain root-level access. DGE-100 devices running firmware versions 1.3384.00049.001 and lower with default configuration are vulnerable to CVE-2018-5553.
CVE-2018-5553 is categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command) [https://cwe.m
7 min
Vulnerability Disclosure
Shoring Up the Defenses Together: 2018Q1 Wrap-Up
Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed in Rapid7 products and supporting services. You won’t need to take any actions: all of the issues have been addressed. We are disclosing these vulnerabilities in order to be transparent, to thank those that take the time to report security issues responsibly, and to provide a few reminders of security concerns that you should audit for in your own organization.
Dynamically-generated web server access policies
Generat