The Vera Community forums have moved!

Advanced => Security => Topic started by: johnes on March 10, 2015, 12:31:52 pm

Title: https://fwd3.mios.com/USER/PASS/VERAID/
Post by: johnes on March 10, 2015, 12:31:52 pm
I am pretty sur this must have come up before, but I can't find any mention of it.

Does vera provide anyway to audit the logs of people trying to hack the system?

It seems that I can get unlimited number of tries to guess a password or username.  Admittedly, knowing 2 of these three things seems to be almost impossible, but figured I'd ask.
Title: Re: https://fwd3.mios.com/USER/PASS/VERAID/
Post by: RichardTSchaefer on March 10, 2015, 04:21:18 pm
That's the OLD (UI5) system ... the new (UI6+) system is so difficult ... even when you know how to access it ... it difficult to get right.

Title: Re: https://fwd3.mios.com/USER/PASS/VERAID/
Post by: johnes on March 10, 2015, 05:36:36 pm
 :)
Title: Re: https://fwd3.mios.com/USER/PASS/VERAID/
Post by: andreyklinger on March 12, 2015, 10:40:43 am
johnes,

For UI5 if you know the username you know the ID.
And most forum members use the same name in the forum and in Vera (good for you that you don't)  ;)
Title: Re: https://fwd3.mios.com/USER/PASS/VERAID/
Post by: joel on March 19, 2015, 08:11:42 pm
Block Internet access to your Vera device, it's the only way to be safe.
Title: Re: https://fwd3.mios.com/USER/PASS/VERAID/
Post by: RichardTSchaefer on March 19, 2015, 09:14:09 pm
@joel
Quote
Block Internet access to your Vera device, it's the only way to be safe.

NOT TRUE! Vera forwarding tunnels are initiated from VERA inside your network.
The exploit described is how to get into your Vera through Vera's relay servers that use this connection.

It's only a UI5 vulnerability.

If you want to secure UI5 you need to disable remote access ... That takes our all of the mobile apps (except those that allow you to connect to a local VPN port on your mobile, but this requires you to setup a VPN to your home network).