We have moved at community.getvera.com

Author Topic: https://fwd3.mios.com/USER/PASS/VERAID/  (Read 2417 times)

Offline johnes

  • Hero Member
  • *****
  • Posts: 630
  • Karma: +7/-7
https://fwd3.mios.com/USER/PASS/VERAID/
« on: March 10, 2015, 12:31:52 pm »
I am pretty sur this must have come up before, but I can't find any mention of it.

Does vera provide anyway to audit the logs of people trying to hack the system?

It seems that I can get unlimited number of tries to guess a password or username.  Admittedly, knowing 2 of these three things seems to be almost impossible, but figured I'd ask.

Offline RichardTSchaefer

  • Community Beta
  • Master Member
  • ******
  • Posts: 10091
  • Karma: +764/-143
Re: https://fwd3.mios.com/USER/PASS/VERAID/
« Reply #1 on: March 10, 2015, 04:21:18 pm »
That's the OLD (UI5) system ... the new (UI6+) system is so difficult ... even when you know how to access it ... it difficult to get right.


Offline johnes

  • Hero Member
  • *****
  • Posts: 630
  • Karma: +7/-7
Re: https://fwd3.mios.com/USER/PASS/VERAID/
« Reply #2 on: March 10, 2015, 05:36:36 pm »
 :)

Offline andreyklinger

  • Newbie
  • *
  • Posts: 13
  • Karma: +1/-0
Re: https://fwd3.mios.com/USER/PASS/VERAID/
« Reply #3 on: March 12, 2015, 10:40:43 am »
johnes,

For UI5 if you know the username you know the ID.
And most forum members use the same name in the forum and in Vera (good for you that you don't)  ;)
« Last Edit: March 12, 2015, 11:14:31 am by andreyklinger »

Offline joel

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
Re: https://fwd3.mios.com/USER/PASS/VERAID/
« Reply #4 on: March 19, 2015, 08:11:42 pm »
Block Internet access to your Vera device, it's the only way to be safe.

Offline RichardTSchaefer

  • Community Beta
  • Master Member
  • ******
  • Posts: 10091
  • Karma: +764/-143
Re: https://fwd3.mios.com/USER/PASS/VERAID/
« Reply #5 on: March 19, 2015, 09:14:09 pm »
@joel
Quote
Block Internet access to your Vera device, it's the only way to be safe.

NOT TRUE! Vera forwarding tunnels are initiated from VERA inside your network.
The exploit described is how to get into your Vera through Vera's relay servers that use this connection.

It's only a UI5 vulnerability.

If you want to secure UI5 you need to disable remote access ... That takes our all of the mobile apps (except those that allow you to connect to a local VPN port on your mobile, but this requires you to setup a VPN to your home network).