Announcement

Collapse
No announcement yet.

Splashtop Security Hole Exposed

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Kano
    started a topic Splashtop Security Hole Exposed

    Splashtop Security Hole Exposed

    At least same versions of Splashtop are not as save as they want to be. Especially when only the HD install variant was used. In case of affected versions like 1.2.3.1 you can access all USB media and the Windows partition used to install Splashtop completely! To verify if your version is affected try:

    http://127.0.0.1:1080

    There you can access - without any mod - all files via

    http://127.0.0.1:1080/links

    For your fun you find even a music.mp3 file there

    http://127.0.0.1:1080/music.mp3

    If your system is directly connected to internet (maybe using DSL dialin within Splashtop or via cable modem) all others can enjoy the content of your hd!

    Btw. newer Splashtop version only block the webserver listing, but when you know the name, you still can access the data when you know the deep link. Luckyly they blocked access from outside then - at least 1.2.8.0 fixes it. But it is still possible to aquire the registry or other system files and save em onto USB stick without any mod. That means you can access user data like serials and other data which is stored there. Very nice feature to have Splashtop available to hack pcs without the need of any bootable media

    Like:

    http://127.0.0.1:1080/links/winhdd/disk1/splash.idx

    http://127.0.0.1:1080/links/winhdd/disk1/boot.ini

    The affected package is bs-apache.sqx.

    Edit: I would like to know from a Splashtop developer (maybe via the blog), why the winhdd link is there (take a look into va-photo.sqx) when it is not used by any app. Only this makes a big issue from that error. You are able to view/save files which you can not even access when Win is booted - like the registry.
    Last edited by Kano; 08-09-2008, 06:21 AM.

  • brian_m
    replied
    Originally posted by Kano View Post
    I gave you already the hint where to search. It is really easy with clean glasses...
    lol. i got it. thanks.

    Leave a comment:


  • Kano
    replied
    I gave you already the hint where to search. It is really easy with clean glasses...

    Leave a comment:


  • brian_m
    replied
    couldn't find it to download.

    Leave a comment:


  • Kano
    replied
    Why don't you download it? That's the only way to get updates anyway...

    Leave a comment:


  • brian_m
    replied
    I have an asus...and all i had to do to restore was hit f9 on startup...but it didn't reinstall it. now it says to use the expressgate setup but i can't find that anywhere on my computer.

    Leave a comment:


  • Kano
    replied
    Use the Win installer? Like you find on the support page for P5Q.

    Leave a comment:


  • brian_m
    replied
    Help! again.

    I just had to reformat my hd and it took off expressgate...how do i get it back?

    Leave a comment:


  • Kano
    replied
    Well there is still one attack possible, you can access files from the system when you know the full path already. At least the hd is not exposed to the network. When you don't need the picture viewer or mp3 player you can remove bs-apache.sqx, then the problem is gone completely. The bug was fixed, but for example HP still does not provide an update to Voodoo ISO with that fix - still at version 1.0.

    Leave a comment:


  • ystyst
    replied
    Below is the email reply from splashtop representative,
    !

    ...

    Thanks for your inquiry and interest in Splashtop.

    In short, the local file-system exposed security hole reported back in July, 2008 has long been fixed in newer releases of Splashtop (and its derivatives).

    ...

    Leave a comment:

Working...
X