Security flaw gives everyone access to your WD My Cloud disks

Posted on Friday, Sep 21 2018 @ 09:28 CEST by Thomas De Maesschalck
Security researchers at Securify discovered that Western Digital's My Cloud storage gear can be breached via an HTTP request, which basically turns these devices into "everyone's cloud". The vulnerability lets an attacker who can reach the storage device over a network obtain admin privileges without a password.

The hack is surprisingly simple: it requires just a couple of lines of code and tricks the device into granting administrative privileges by sending a cookie that contains "username=admin".
According to Securify, the flaw itself lies in the way My Cloud creates admin sessions that are attached to an IP address. When an attacker sends a command to the device's web interface, as an HTTP CGI request, they can also include the cookie username=admin – which unlocks admin access.

Thus if properly constructed, the request would establish an admin login session to the device without ever asking for a password. In other words, just tell it you're the admin user in the cookie, and you're in.
WD was informed of the bug in April. Securify is publicly disclosing the matter because they did not receive a response from the storage firm.
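The class of bug described above, shown as an added example that is not part of the original post and is not WD's firmware code: a simplified Python model of a session handler that trusts the identity named in a cookie, next to a hardened handler that only accepts a random, server-issued token. The class names, the "session" cookie name, the IP addresses and the password are assumptions made up for the illustration.

```python
import hashlib, hmac, secrets
from http.cookies import SimpleCookie

# Constructed credential store for the demo (not data from any real device).
_SALT = secrets.token_bytes(16)
_USERS = {"admin": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}

def parse_cookies(header):
    """Turn a raw Cookie header into a plain dict."""
    return {k: m.value for k, m in SimpleCookie(header).items()}

class FlawedSessions:
    """Models the flaw: the identity named in the cookie is trusted as-is."""
    def __init__(self):
        self.by_ip = {}  # client IP -> username

    def handle(self, ip, cookie_header):
        user = parse_cookies(cookie_header).get("username")
        if user:                   # no password check, no server-side proof
            self.by_ip[ip] = user  # session bound to the IP on the client's say-so
        return self.by_ip.get(ip)

class HardenedSessions:
    """Identity comes only from a server-side lookup of an unguessable token."""
    def __init__(self):
        self.by_token = {}  # random token -> (username, client IP)

    def login(self, ip, user, password):
        stored = _USERS.get(user)
        given = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
        if stored is None or not hmac.compare_digest(stored, given):
            return None
        token = secrets.token_urlsafe(32)  # issued only after the password check
        self.by_token[token] = (user, ip)
        return token

    def handle(self, ip, cookie_header):
        token = parse_cookies(cookie_header).get("session", "")
        user, bound_ip = self.by_token.get(token, (None, None))
        # Any "username" cookie is ignored; the token must exist and match the IP.
        return user if user and bound_ip == ip else None
```

In the hardened handler the cookie carries no claim about who the user is, so there is nothing for a client to assert; the flawed handler fails because the session table is written from client-controlled input.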

Via: The Register
