Check out 0DayAllDay's latest blog. Where @kulinacs and @CharlesDardaman got their first CVE (CVE-2018-5560).
Vulnerability is still present as the vendor never responded. https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/ …
Note that the weakness is not *because* of a weak algorithm. It's because a weak password is used. If they used a better algorithm, you might be required to use a GPU to crack it in a reasonable time, as opposed to just using your CPU. Either way, you're going to get it. pic.twitter.com/NE5H9XwBXn
Replying to @wdormann @0Dayallday and
To imply that you needed dual GTX 1080 GPUs to crack the password "GMANCIPC" is a bit of a stretch. You probably could have done it with your cell phone.
Replying to @wdormann @0Dayallday and
For sure couldn't use a cell phone haha. Using my GPUs was just much faster. This is one of the few passwords that I have been able to crack that was just a single hash. DB dumps are much easier. SHA512 beats up my GPUs but still would have found it.
Replying to @INIT_3 @0Dayallday and
Yeah, the cellphone comment was a bit of an exaggeration. But the point is, the password-cracking time with a great passphrase should be somewhere near the heat death of the universe with current modern computing. If it's not, it's not a good passphrase, IMO.
And I recently discovered a piece of information that sort of negates my original comment: des-crypt ignores password characters after 8 characters. So technically, it's impossible to have a good password using that algorithm. "GMANCIPC" is particularly horrible given that even.