CVE-2020-28936 – Risks from symmetric encryption in UniFi’s inform protocol (jade.wtf) 2 points by andrewnicolalde 5y ago ↗ HN
[–] andrewnicolalde 5y ago ↗ I am absolutely shocked that the initial encryption key is literally the md5sum of "ubnt".https://gchq.github.io/CyberChef/#recipe=MD5()&input=dWJudAI wonder what the folks at HostiFi (cloud hosted UniFi controller software) might be thinking right now...edit: Looks like they've seen it. Their response is here: https://twitter.com/_rchase_/status/1329949952408244231 [–] reillychase 5y ago ↗ Thanks for sharing our response. I expect this to be fixed by Ubiquiti, but it will probably take some time, so we have that mitigation process available for those interested.
[–] reillychase 5y ago ↗ Thanks for sharing our response. I expect this to be fixed by Ubiquiti, but it will probably take some time, so we have that mitigation process available for those interested.
2 comments
[ 5.5 ms ] story [ 20.1 ms ] threadhttps://gchq.github.io/CyberChef/#recipe=MD5()&input=dWJudA
I wonder what the folks at HostiFi (cloud hosted UniFi controller software) might be thinking right now...
edit: Looks like they've seen it. Their response is here: https://twitter.com/_rchase_/status/1329949952408244231