We found a vulnerability in Centreon, the popular monitoring solution: the application exposes user session IDs in some server responses.

Combined with other vulnerabilities (like CVE-2020-10946), this can lead to critical exploitation scenarios.

Read more

Okular is a universal document viewer developed by the KDE project.

We found a command execution issue triggered from within a PDF document, which can be used in social engineering attacks to remotely execute commands on a target system.

Read more

We have seen many, many papers about attacking alarm systems. Most of the targets were cheap, insecure and easily breakable.

At the beginning of this year (2019), we decided to look at something more robust. Thus, we purchased a better and quite expensive alarm, certified at level 2 of the French standard (NF&A2P**).

The NF&A2P certification (Norme Française Alarme Prévention Protection, sometimes spelled NF A2P or NFA2P) designates a French standard that assesses the level of efficiency and resistance of alarm systems. The two stars indicate one of the most secure levels against burglars (NF&A2P Referential).

But how does it stand against digital attacks?

Read more