FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays […]
D-Link DIR8xx routers suffer from a credential disclosure vulnerability.
Source: D-Link DIR8xx Credential Leak
The post D-Link DIR8xx Credential Leak appeared first on MondoUnix.
Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is […]
The post Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure appeared first on MondoUnix.