If I had a nickel for every time an IoT device just said "fuck it, we'll use some weird javascript method to handle device auth on the client side" and that immediately bit them in the ass...
I'd have two nickels, which isn't a lot, but weird that I've seen it twice in as many years.
https://ssd-disclosure.com/ssd-advisory-uniview-ipc2322lb-auth-bypass-and-cli-escape/
da_667 /
npub1vc…p2tep
2024-03-26 02:02:29
Author Public Key
npub1vca66tdd35k3mcxqgaydujqnlqsxfnsvqlmrsnfpp7s0p9na85gs0p2tepPublished at
2024-03-26 02:02:29Event JSON
{
"id": "78c02d475286f25911e9ef44341897ded546e9620c49f084562501f7ed796a37",
"pubkey": "663bad2dad8d2d1de0c04748de4813f82064ce0c07f6384d210fa0f0967d3d11",
"created_at": 1711418549,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/da_667/statuses/112159526027658695",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/da_667/statuses/112159526027658695",
"pink.momostr"
]
],
"content": "If I had a nickel for every time an IoT device just said \"fuck it, we'll use some weird javascript method to handle device auth on the client side\" and that immediately bit them in the ass...\n\nI'd have two nickels, which isn't a lot, but weird that I've seen it twice in as many years.\n\nhttps://ssd-disclosure.com/ssd-advisory-uniview-ipc2322lb-auth-bypass-and-cli-escape/",
"sig": "53c2867cfdd8b4550da865b456b903b99a6ef4a64e819d13326274c95b8dd5fd5d9775526dedfe2d84e688f3b3b900d3ccb9499ac0a935220a4d0c358124dbfa"
}