>security holes include a slew of SQL injection vulnerabilities in webpages included with the device firmware. Among other things, the researchers found they could exploit SQL injection holes in the web based management interface to access the underlying MySQL database, gaining access to usernames and passwords for the device.

Solar panel, courtesy of ShutterstockPasswords, the researchers noted, were stored in plaintext.

And, in a pattern that has become distressingly common in the SCADA world, the researchers discovered hard coded administrative accounts for the Sinapsi devices.

The login.php page would accept a small number (two or three) of universal passwords that would grant access to the device regardless of what user login they were paired with.

и далее уже ожидаемое:

>The researchers disclosed the holes to Sinapsi in August, 2012 and released details of their findings on October 9, after failing to get a response, they said.

опять незнакомые люди разозлили меня... кто бы отшлёпал этих сук и забрал у них все деньги обратно?

#ttensf

add comment recommend bookmark subscribe