Saturday, March 4, 2017

Hacking the Western Digital MyCloud NAS

If you own a Western Digital MyCloud device, you really should read this. The company is aware of the issue and is working on a fix.

I quickly found the first bug that shocked me, this bug was based on code that performed a user login check but did so using cookies or PHP session variables. Using cookies for authentication isn’t necessarily a bad thing, but the way that the Western Digital MyCloud interface uses them is the problem.