Weak credentials for nutty.ubnt.com
Medium
Ubiquiti Inc.
Submitted None
Team Summary
Official summary from Ubiquiti Inc.
The researcher found a weak password on the site `nutty.ubnt.com`, but the system does not differentiate between authenticated and non-authenticated users. The researcher was not able to provide a PoC that could expose any vulnerability, so the report was closed as "Informative".
Reported by
korprit
Vulnerability Details
Technical details and impact analysis
nutty.ubnt.com has a login link; when clicking on it, the user is presented with a login form. Using 'admin' for both username and password results in a valid session.
This account allows for the upload of arbitrary files. I am checking to see if this will allow for further functionality (like a webshell).
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Improper Authentication - Generic