Vulnerabilities (Page 4)

D-Link Rate-Liminting Bypass

D-Link attempted to provide some protection against brute-force by delaying the response for three seconds on a bad login.The problem was that the delay only happened on a bad login meaning, so there was a clear timing difference between a good and bad login attempt…

 

Unauthorized Access in Workplace by Facebook

web

Workplace by Facebook would allow workplace administrators to enable a “self-invite” option.Anyone with an email on an approved domain could invite themselves into the workplace…

 

Security probe of Qualcomm MSM data services

First goes into some background details on QMI, what kinds of services it provides, and details on how they fuzzed the interface (used QEMU hexagon to emulate the modem in conjunction with AFL).They talk about one of the vulns the fuzzer dug up, which was a heap overflow in the voice service’s call_config_req handler…

 
1
2
3
4
5
6
7