|
|
|
|
|
|
by technothrasher
1472 days ago
|
|
|
That is a vulnerability in the front panel. The front panel is deciding based on the reply from the 'enter factory code' command that it is ok to send the 'reset user code' command. The front panel should not be making decisions like that. The front panel should not be sending commands at all. |
|
|
The vuln is in the back of the panel because it's accepting the reset code command. The front panel isn't vulnerable because it's not a trusted component here anyway, the bypass actually just talks directly to the back panel.
You are however correct that the front panel probably shouldn't be sending an actual reset code command, but that is really a protocol level problem not specifically a front panel issue. It's possible to make that safe by having the back panel first transition into appropriate state upon being primed with existing code or valid factory code before accepting the reset command but an even better fix is to couple both the validation of the existing code + the desired new code into a single command that is validated in one shot.