Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████)
High
U
Ubiquiti Inc.
Submitted None
Team Summary
Official summary from Ubiquiti Inc.
The researcher found a public API token that was mistakenly granted full-access permission, which allowed the creation/overwrite of nightly builds of UniFi Firmware.
Actions:
Reported by
tripwire
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Violation of Secure Design Principles