SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digital Command Injection; sudo exploited;

Oct 1, 2025
Explore the ongoing risks of cookie-based authentication, where even a simple 'user=admin' can lead to significant vulnerabilities. Discover the critical command injection exploit in Western Digital's My Cloud devices and the importance of timely firmware updates. Learn about an actively exploited sudo vulnerability that allows privilege escalation with minimal effort. This insightful discussion highlights the need for vigilance in cybersecurity practices.
INSIGHT

Predictable Cookie Auth Is Still Dangerous

  • Simple, predictable cookies like "user=admin" still grant admin access in many devices and remain widely exploited.
  • These issues appear in relatively recent vulnerabilities across DVRs, routers, and biometric systems.
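
The flaw described above, next to one way to avoid it, as an added example that is not code from the podcast or from any vendor's firmware. The function names, the `session` cookie layout and the server key are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed per-installation secret; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookies(header: str) -> dict:
    """Split a Cookie header into a name -> value dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}


def weak_is_admin(cookie_header: str) -> bool:
    """Flawed pattern: the client-supplied cookie value is the identity."""
    return parse_cookies(cookie_header).get("user") == "admin"


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the cookie payload, keyed with the server secret."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user: str) -> str:
    """Issued only after a successful login: user, random id, HMAC tag."""
    payload = f"{user}.{secrets.token_hex(16)}"
    return f"session={payload}.{_tag(payload)}"


def verified_user(cookie_header: str):
    """Return the user name only if the tag verifies; otherwise None."""
    parts = parse_cookies(cookie_header).get("session", "").split(".")
    if len(parts) != 3:
        return None  # missing or malformed cookie fails closed
    user, session_id, tag = parts
    expected = _tag(f"{user}.{session_id}")
    # Constant-time comparison on bytes; a forged or edited value is rejected.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return user
    return None
```

A production design would also expire and revoke sessions server-side and set the `Secure` and `HttpOnly` cookie attributes.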
ANECDOTE

Honeypots Reveal Real-World Cookie Exploits

  • Johannes checked ISC honeypots and found many devices using predictable cookie-based authentication.
  • He observed exploits tied to cookies like UID=1, user=admin, and CMX saved id across IoT and biometric products.
ADVICE

Patch And Isolate Vulnerable NAS Devices

  • Patch Western Digital My Cloud and similar NAS firmware promptly to mitigate arbitrary command injection (versions before 531.108 are vulnerable).
  • Never expose such devices directly to the internet; restrict access to local networks or via VPN.