Hello and welcome to the Friday, May 3rd, 2024 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

When teaching web application security, one of the things that often comes up is simple authentication bypasses,

and I do mention things like a stupid cookie

that says user equals admin.

You would think this wouldn't work, but well, that's exactly what I was writing about today.

It used exactly this type of vulnerability.

A cookie user equals admin.

In addition, the vulnerability that is likely being exploited here uses a command injection

vulnerability where when you're trying to change your password, it will also inject commands

for you.

Just to clarify, LBLink, don't confuse it with T-P-L-B-L-B-L-L-B-L-L-L-B-LK is

a Chinese OEM, as far as I can tell. Their routers may be sold under various

trademarks. WINGA-R-A-C-1200. Apparently, same vulnerability, so likely same manufacturer and same firmware.

One problem with sort of these routers that are sold under different trade names is that it can be

difficult to figure out where to actually get firmware for these devices before you buy any kind of

device like this. Always try to find a manufacturer's website. Check out if firmware is easily

available from the website. And while you're there, also check if they have any kind of end-of-life

policy to make sure you're not

buying a device that will no longer receive any updates.

And talking about routers and related devices, we do have an update for Aruba OS, that's part of

HP Enterprise.

...