WD MyCloud security flaw

Closed Thread
  1. #1

    Join Date
    Aug 2006
    Posts
    11,884

    WD MyCloud security flaw

    Another example of why not to buy products from half-baked NAS manufacturers. The exploit here is mindblowingly simple.

    According to Securify, the flaw itself lies in the way My Cloud creates admin sessions that are attached to an IP address. When an attacker sends a command to the device's web interface, as an HTTP CGI request, they can also include the cookie username=admin – which unlocks admin access.

    https://www.theregister.co.uk/2018/0...ital_my_cloud/


  2. #2

    Join Date
    Mar 2010
    Posts
    1,194

    who makes a NAS that is not half baked?

    At least WD probably have decent data recovery service.