Mastodawn

#WDMyCloud users should disconnect it from the internet until #WesternDigital provides an update. A authentication bypass vulnerability has been found.

It is good to run a private cloud - but vendors really need to step up their security efforts...

https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

Security Advisory

Show thread

Aussie Rockman Sep 23, 2018

@nextcloud hotfix released by Western Digital yesterday. Users should apply asap.

Show thread

🐬Sep 23, 2018

@nextcloud Notice how the researchers contacted WD on Apr 10. No response until publication on Sep 18 (after 5! months). Then fix 4 days after publication. I guess security is less important than bad publicity to #WesternDigital.

Show thread

JustineSC9 Sep 23, 2018

@nextcloud Bien contente d'avoir débranché le mien depuis l'annonce de la backdoor, pu aucune confiance dans ce parpaing !