Kasa camera flaw allows enumerating usernames for credential stuffing

Kasa camera flaw allows enumerating usernames for credential stuffing
 

Most of the time, when security researchers come across vulnerabilities, they are looking for them by scanning devices in and out. This time though in the latest, a hobbyist farmer was only looking to catch someone eating his cucumber plant’s leaves when he stumbled upon flaws in a Kasa camera.


Set in position, Jason Kent from Cequence Security installed the camera’s mobile app in order to see the photos from the camera that was pointed towards his plant. These photos, he says, were being transmitted by the app connecting over the network directly to the camera but could also be seen even if he himself wasn’t connected to the network.


See: Techie buys Axon body camera from eBay; finds unencrypted police videos


Naturally concerned, Kent took a closer look which revealed several problems at bay. Firstly looking over the encryption of the data transmission, he found out that even though SSL was being used, the certificate wasn’t pinned making it “easy to open it up and look at the transactions”.

Secondly, it was revealed that Base64 encoding was being used for the user credentials instead of additional and more secure measures such as hashing which isn’t exactly the best thing to do when protecting a network.


Moving on, in a blog post, Kent explains another vulnerability in detail:



Of equal concern to me was that the authentication to the web platform ..

Support the originator by clicking the read the rest link below.