During a short review of the Jenkins source code, we found a vulnerability that can be used to bypass the mutual authentication when using the JNLP3 remoting protocol. In particular, this allows anyone to impersonate a client and thereby gain access to the information and functionality that should only be available to that client.

DNS rebinding attacks are a common attack technique against local applications, in order to bypass the same origin policy. The use of HTTPS has always been considered to be an effective mitigation against this attack. In this post we describe a new technique that enables the DNS rebinding attack against a HTTPS target.

The `SecureRandomFactoryBean` class in Spring Security by Pivotal has a vulnerability in certain versions that could lead to the generation of predictable random values when a custom seed is supplied. This vulnerability could lead to predictable keys or tokens in applications that depend on cryptographically-secure randomness. Applications that use this class may need to evaluate if any predictable tokens were generated that should be revoked.

During a code review of XenServer, we found and exploited a vulnerability in the XAPI management service that allows an attacker to bypass authentication and remotely perform arbitrary XAPI calls with administrative privileges.

In this post we describe multiple vulnerabilities we found in the infortainment system used in cars from the Volkswagen Auto Group. The vulnerabilities can be exploited via a cellular connection, leading to the cars CAN bus.

During a summary code review of NAPALM, we found and exploited several issues that allow a compromised host to execute commands on the NAPALM controller and thus gain access to the other hosts controlled by that controller.