Information disclosure

A client recently asked me for help with a fingerprint scanner/timeclock for employees to punch in and punch out. It seems that when the device finds an AP with spaces or underscores in the name, some undefined behavior occurs.

You’ll probably have to click on that image to see a full-size version, but the name of the second access point is a bunch of hex digits. Before the NULLs the string is “20Pender”, which is the name of a nearby street. I’m surprised to see such a shoddy wireless implementation out there. If it can’t even do proper input validation on SSID strings, imagine how many other bugs must exist. Luckily this has an Ethernet port, because there’s no chance this could ever work in an environment with APs under third-party control (e.g., every office building and condo).
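For reference, an added example (not the device's firmware, whose actual defect the post does not identify) of handling an SSID as what 802.11 defines it to be: a length-prefixed field of 0 to 32 arbitrary octets, not a NUL-terminated C string. The function names and the sample element buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32                      /* 802.11 limit for the SSID element body */
#define SSID_ESC_MAX (SSID_MAX_LEN * 4 + 1)  /* worst case: every octet shown as \xNN */

/* Find the SSID element (ID 0) in a buffer of tagged elements and copy it out.
 * Returns the SSID length (0..32), or -1 if the buffer is malformed. */
int ssid_extract(const uint8_t *ies, size_t ies_len, uint8_t out[SSID_MAX_LEN])
{
    size_t off = 0;
    while (ies_len - off >= 2) {
        uint8_t id = ies[off], len = ies[off + 1];
        if (len > ies_len - off - 2)
            return -1;                       /* element runs past the buffer */
        if (id == 0) {
            if (len > SSID_MAX_LEN)
                return -1;                   /* oversized SSID: reject, never truncate silently */
            memcpy(out, ies + off + 2, len); /* length-bounded copy, no strcpy */
            return (int)len;
        }
        off += 2 + (size_t)len;              /* skip elements we do not care about */
    }
    return -1;                               /* no SSID element present */
}

/* Render SSID octets for display. Printable ASCII (spaces and underscores
 * included) is kept; everything else, and the backslash, becomes \xNN. */
size_t ssid_escape(const uint8_t *ssid, size_t len, char out[SSID_ESC_MAX])
{
    size_t n = 0;
    if (len > SSID_MAX_LEN)
        len = SSID_MAX_LEN;
    for (size_t i = 0; i < len; i++) {
        uint8_t c = ssid[i];
        if (c >= 0x20 && c <= 0x7e && c != '\\')
            out[n++] = (char)c;
        else
            n += (size_t)snprintf(out + n, 5, "\\x%02x", (unsigned)c);
    }
    out[n] = '\0';
    return n;
}

/* Constructed sample: a DS Parameter Set element, then a 9-octet SSID
 * containing a space, an underscore, a NUL and a non-ASCII octet. */
static const uint8_t SAMPLE_IES[] = { 0x03, 0x01, 0x06, 0x00, 0x09,
    'M', 'y', ' ', 'A', 'P', '_', '1', 0x00, 0xff };
```

Because the length travels with the buffer, an embedded NUL neither truncates the name nor lets a display routine read past it into adjacent memory.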
