Tagged "Vulnerability"

IPv6 is the next (current?) generation Internet protocol. It has been designed to overcome many limitations of IPv4 and fix some of the issues and weaknesses. Nevertheless, IPv6 fragmentation presented many vulnerabilities similar to the IPv4 ones in the past: new testing models were presented to check the presence of such problems.

In this work, we demonstrate that IPv6 fragmentation issues are still present today in operating systems because of the weakness of the model used to test their compliance. We also propose a new model that overcomes these limitations.

Recently, Mikrotik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

A few months ago, as part of our investigations on IPv6 security in the NetSecurityLab @ Sapienza University, we discovered a vulnerability that allows attackers to bypass rules in pf-based IPv6 firewalls in particular conditions. Let’s see some details of this vulnerability.

Many hobbyists and professionals use common MQTT brokers and libraries, like “Mosquitto”, in their projects. We asked ourselves: are these implementations “safe”? Is there any security issue we can exploit?

I use open-source software every day. And I try to contribute as much as I can.

However, sometimes weird things happen when writing OSS code. Like finding a security bug in a closed source software.

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPSec phase 2.

As many IT folks, I have my VPS (for instance, this website is running on it).

Yesterday I was having a break from studying for next exam.