Open secureness opened 1 year ago
According to this, if we want to test this CVE by RCE, we must change server configurations, so I recommend that we check whether we can access authorized endpoints or not.
I would really like to start implementing a Tsunami plugin for it; please give me a ping about the current situation of this issue. @maoning @nttran8
Hi @maoning @nttran8, could you please let me start implementing this plugin?
There are too many instances of this application on the internet according to Shodan; it would be great to let me start implementing a Tsunami plugin for this critical vulnerability ASAP.

References:
- POC: https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md
- Blog Post: https://www.elttam.com/blog/pwnassistant/
- GitHub advisory: https://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25