Flutterby™! : WD MyCloud backdoor


WD MyCloud backdoor

2018-01-08 19:44:21.511173+01 by Dan Lyke 0 comments

Western Digital My Cloud drives have a built-in backdoor.

More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands.

People are reporting that this was fixed more recently, although nobody's sure whether it got "fixed" by changing the credentials or by removing the backdoor. Speculation is that it's left over from a D-Link product.

Vulnerabilities at http://gulftech.org/advisories...20Multiple%20Vulnerabilities/125

