An RCE existed due improperly sanitized parameters in the config name and optional flags parameter. While it is true that once you are logged into a wifi pineapple, you should technically already have the root password, this was not intended functionality and is a vulnerability that should not exist. This has been fixed in this release.
Additionally, upstream improvements to firmware 2.6.x were made that resolve Issue https://github.com/InjectionSoftwareDevelopment/OpenVPNConnect/issues/12 on my main dev branch, but unfortunately a bug was introduced at some point that caused dependency installation and handling to result in a 500 error response. This showed its face in the latest firmware release and was resolved by properly passing a default "false" parameter to the appropriate API function for handling dependencies.
(Apologies for the duplicate requests, the former was goof up on my end, I miss clicked during a dev branch PR. This is the real PR!)
foxtrot
commented
4 years ago
An RCE existed due improperly sanitized parameters in the config name and optional flags parameter. While it is true that once you are logged into a wifi pineapple, you should technically already have the root password, this was not intended functionality and is a vulnerability that should not exist. This has been fixed in this release.
Additionally, upstream improvements to firmware 2.6.x were made that resolve Issue https://github.com/InjectionSoftwareDevelopment/OpenVPNConnect/issues/12 on my main dev branch, but unfortunately a bug was introduced at some point that caused dependency installation and handling to result in a 500 error response. This showed its face in the latest firmware release and was resolved by properly passing a default "false" parameter to the appropriate API function for handling dependencies.
(Apologies for the duplicate requests, the former was goof up on my end, I miss clicked during a dev branch PR. This is the real PR!)