Reply to post: Security devices and web interfaces

Voting machine maker vows to step up security, Fortnite bribes players to do 2FA – and more

Anonymous Coward
Facepalm

Security devices and web interfaces

Researchers at Project Insecurity have detailed a vulnerability in SOLEO's IP relay technology that disclosed sensitive files on affected installations. For example, the following HTTPS request to a vulnerable service”...

The solution being, don't put a web anything on security devices, remove the http server, remove the http browser, remove the java interpretor etc. and learn to use command-line tools and configuration scripts.

This vulnerability exists due to the fact that there is improper sanitization on the ‘page’ GET parameter in servlet/IPRelay. A developer should always check for dangerous characters in filenamesref

2001 is calling and want's its Directory Traversal attack back :]

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon