AutoVera Security Issue

Discussion in 'AutoApps' started by Andrew Tierney, Mar 14, 2018.

  1. Andrew Tierney

    Andrew Tierney New Member

    Joined:
    Aug 3, 2016
    Messages:
    12
    Likes Received:
    0
    I am trying to diagnose an issue with one of my phones (unrelated to this post though) and I decided to see if the issue was related to the login credentials, so I got a phone that was working with Autovera and typed in a bogus password (12345) on the unit that worked and guess what -

    Autovera refreshed all my devices and it showed me everything inside my Vera (as well as some new stuff) OMG!!!! despite having a bogus password (12345)

    J: A bug report: If Autovera has working existing credentials and it has previously logged into a Vera unit, it will remain logged in EVEN IF YOU CHANGE THE PASSWORD in Autovera to an incorrect password.
     
  2. Andrew Tierney

    Andrew Tierney New Member

    Joined:
    Aug 3, 2016
    Messages:
    12
    Likes Received:
    0
    If you change the password in Vera then it will fail (old working credentials in Autovera vs New changed credentials in Vera) = fail = good
     
  3. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,476
    Likes Received:
    797
    Thank you for the report. Since you already had to enter the password once to make it work it's not that big of a security issue :) But nonetheless it would be something to fix, you're right! Does it still work even after a reboot?
     
: autovera

Share This Page