This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How was the SQL injection done? We blocked off admin login

We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?



This thread was automatically locked due to age.
Parents Reply
  • Hi Flo,

    I've to disagree.

    We have here three XG devices (2x XG85, 1x XG105) were we never configured or used the SPX encryption. The boxes not even had at any time a subscription for that. So it must be the default, that the SPX portal is exposed with TCP/8094 to "any" networks. Attached the screenshots for the SPX portal and Admin access menus of a box.

    I do not say, the SPX service itself is usable, it is just fishy that a service (awarrensmtp) is listening on that port and that there was the fix mentioning SQLi on spxd (NC-59300) in the last firmware.

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

Children