Author: Grace Naces

ANTlabs
  • Home
  • Blog
  • Author: <span>Grace Naces</span>
  • Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)

    Publication Date: 06 Jul 2015 Description SQL Injection Vulnerability A vulnerability which allows user to perform queries on the underlying datastore via ppli URL parameter of the default login page main.ant; CVE-2015-2849 Cross-Site Scripting Vulnerability A reflected cross-site scripting vulnerability exists in the msg URL parameter of the admin login page index-login.ant; CVE-2015-2850 Impact A remote […]

  • Like for Access: 3 Benefits of Social WiFi in Hotels

    To the savvy traveller, few things rival the importance of staying connected – to stay in touch with family, share their adventures live with friends, or keep tabs on work. Good Internet connectivity will always be one of the first things travellers look for abroad, sometimes even before comfort. And it better be free – people […]

  • Advisory: Rsync remote file system access vulnerability CVE-2015-0932

    Security Advisory Updated: 12 Jan 2022 Publication Date: 26 March 2015 Description An incorrect rsync configuration on certain models of our gateway products allows an external system to obtain unrestricted remote read/write file access. Impact A remote unauthenticated user with unrestricted access to the rsync port to affected gateway products may be allowed full read/write […]

  • UPDATE on Vulnerability CVE-2015-0932

    We would like to proactively inform you about a zero-day vulnerability found with some of our InnGate HSIA gateways. We also would like to update you that a fix for the vulnerability is already available since 26 Mar 2015 and that we are actively working with our partners to patch your InnGate to secure it. […]

  • IG 3100 now lets you get Internet access via Facebook login

    We are pleased to announce that Internet access may now be provisioned via Facebook login on the IG 3100. This feature is part of the IG 3100’s Patch 06 and is available as a free upgrade. It allows administrators to add a new authentication method to the built-in login portal which enables users to login […]

  • Advisory: Glibc Vulnerability

    A buffer overflow vulnerability in the glibc gethostbyname() function was publicly announced on January 27, 2015. The issue is identified by CVE-2015-0235 and was given the name “Ghost.” The ANTlabs Engineering Team started investigating this issue immediately. This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. […]

  • Advisory on SSL3 ‘Poodle’ vulnerability

    The “Poodle” vulnerability, released on October 14th, 2014, is an attack on the SSL 3.0 protocol. It is a protocol flaw and every implementation of SSL 3.0 suffers from it. Note that we are talking about the old SSL 3.0, not TLS 1.0 or later. The TLS versions are not affected (neither is DTLS) by […]

  • Advisory: ShellShock Bash Vulnerability

    Please be informed that ANTlabs products are not affected by “ShellShock” Bash Vulnerability. This is mainly because our products are appliance-based and do not use bash for console shell access. Administrators use ANTlabs’ own customised shell (that is not subject to the ShellShock Bash vulnerability) to access the command line interface. In addition, these products […]

  • ANTlabs launches IG 3101; Enhances Network Resiliency

    ANTlabs recently released IG 3101, a full-featured gateway that is aimed at letting service providers manage user accounts and bandwidth for small guest networks such as those in boutique hotels, 150-room properties and 3-star hotels. This is an upgrade from the 2013 IG 3100 release and it features LAN bypass, which improves network resiliency. LAN bypass […]

  • Advisory on OpenSSL Heartbleed Bug

    Please be informed that our gateways do not suffer from the recently reported SSL vulnerability also known as Open SSL Heartbleed Bug. The SSL keys used in our products are not generated using the affected libraries. Thank you.