Authentication Bypass Vulnerability in Western Digital My Cloud Allows Escalation to Admin Privileges
Unauthenticated attacker can exploit vulnerability to authenticate as admin user without needing to provide password, thereby gaining full control of My Cloud device.
This is a Press Release edited by StorageNewsletter.com on September 26, 2018 at 2:45 pmFrom: Security.nl
Authentication bypass vulnerability in Western Digital Corp. My Cloud allows escalation to admin privileges
The Exploitee.rs independently discovered and disclosed the same vulnerability.
Tested versions:
This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
Abstract: It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. The Exploitee.rs independently discovered and disclosed the same vulnerability.
Timeline:
-
09 April 2017: Discovered vulnerability.
-
10 April 2017: Reported to Western Digital customer support.
-
No more vendor response
-
17 September 2018: Requested CVE
-
18 September 2018: CVE-2018-17153 assigned
-
18 September 2018: Published details
Additional ressource: Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges