FREE zero-day for every reader: AT&T's DirecTV kit has a root hole – and no one wants to patch it

Michael Wojcik Silver badge

Re: Well so where's the problem?

you run a "reflection attack"

Yup. All the attacker needs is for you to visit a page with a CSRF vulnerability. Of which there are approximately one zillion.

Pivot-and-escalate is one of the most common attack approaches. Everyone in IT should know that.

It's not a problem that the owner (or renter, or however the agreement with AT&T works) can get root. It's a problem that anyone can, trivially.
