[Snort-sigs] WD MyCloud authentication bypass

Y M snort at ...3751...
Tue Feb 14 09:55:27 EST 2017


Hello,


The below signature is for detection a weak authentication bypass in WD MyCloud. No pcaps are available.


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Western Digital MyCloud weak authentication bypass attempt"; flow:to_server,established; content:"/login_checker.php"; fast_pattern:only; http_uri; content:"username=1"; http_cookie; content:"isAdmin=1"; http_cookie; metadata:ruleset community, http service; reference:url,vuldb.com/?id.96820; reference:url,security.szurek.pl/wd-my-cloud-mirror-211153-rce-and-authentication-bypass.html; classtype:attempted-admin; sid:1000833; rev:1;)


Thank you.

YM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20170214/14cf676f/attachment.html>


More information about the Snort-sigs mailing list