what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Georg Lukas

Grandstream Wave 1.0.1.26 Update Redirection

Posted Mar 18, 2016

Authored by Georg Lukas

The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package

tags | exploit

advisories | CVE-2016-1520

SHA-256 | c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447

Download | Favorite | View

Grandstream Wave 1.0.1.26 TLS Man-In-The-Middle

Posted Mar 18, 2016

Authored by Georg Lukas

Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.

tags | advisory, remote, web

advisories | CVE-2016-1518, CVE-2016-1519

SHA-256 | e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73

Download | Favorite | View

Grandstream Wave 1.0.1.26 Man-In-The-Middle

Posted Mar 17, 2016

Authored by Georg Lukas

The Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on phone/app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. An active attacker can redirect this request and change arbitrary values of the configuration. This allows to redirect phone calls through a malicious server, turn the phone into a bug, change passwords, and exfiltrate system logs (including the phone numbers dialed by the user).

tags | advisory, remote, arbitrary

advisories | CVE-2016-1518

SHA-256 | d1b894d5b6d9a118fe3fc810c4b4021f3cba247d9652471c993cfbcaf8b5e96a

Download | Favorite | View

Smack XMPP Library Man-In-The-Middle

Posted Aug 6, 2014

Authored by Georg Lukas

Smack XMPP library for Java suffers for a man-in-the-middle vulnerability. Versions 4.0.0 and 4.0.1 are affected.

tags | advisory, java

advisories | CVE-2014-5075

SHA-256 | cc79aa40f99651e357445431f6e8d8c60ecbebbfc96fefd016f0aff6670bf205

Download | Favorite | View

Instagram Crypto Issue / Hardcoded Key

Posted Aug 28, 2013

Authored by Georg Lukas

Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.

tags | exploit

SHA-256 | fe4ecab0cd3f2337a6c819fe2cd9a3cdca982c55e8e4679b44d218f444dacefb

Download | Favorite | View