Advisories

The OpenText Archive Center Administration Client (Versions 16.2.3, 21.2 and previous) allow XML External Entity (XXE) attacks. This allows malicious authenticated users to exfiltrate the contents of files on the application host, carry out port scanning activities, or potentially cause a localized Denial of Service (DOS) attack against the application instance and system of the user running it.

The Megafeis API server had an insufficient password policy for its user accounts. This would facilitate an attacker's efforts to obtain user passwords via password guessing attacks. Additionally, the API server did not appear to have a rate-limiting function in place, increasing the likelihood of a successful password brute force attack against the server.

An information disclosure issue was discovered allowed an attacker within Bluetooth broadcast range of a target Megafeis-branded Smartlock to acquire sensitive information. This information was the email address and phone number associated with accounts which owned Megafeis smart locks. This information can be combined with related issues discovered by the researcher to facilitate an attacker's efforts take over the target user's account.

An insecure expiry mechanism for password reset codes was discovered in how Megafeis-branded smartlocks handled password reset requests. An unauthenticated user can utilize this vulnerability to hijack legitimate accounts, which can give the attacking user complete unlock access to all the smart locks bound to the compromised account while simultaneously causing a denial-of-service scenario for the legitimate user.

An authorization issue was discovered in the HTTP API used by the DBD+ mobile companion application, which is used to manage Megafeis branded smart locks. An authenticated user that is able to forge request signing keys can utilize this vulnerability to perform arbitrary API requests. This would grant them the ability to enumerate, transfer ownership of, and unlock any Megafeis smart lock within physical proximity using only the lock's MAC address, which it broadcasts over Bluetooth.

Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.