Author Topic: Horrendous Security Flaws I've encountered while working on a legacy SaaS app  (Read 2002 times)

0 Members and 1 Guest are viewing this topic.

Offline LiquidIce

  • Adherent
  • *
  • Posts: 52
    • View Profile
Not a security issue, but at work we have this basically NAS server that's responsible for pulling backups periodically from our production servers. It's not supposed to be production or anything so it has some archaic OEM distro on it. I had to make an edit to the backup procedure so I login, open up a file to edit, make a typo and get this:



For those who haven't used vim 'u' is the undo command. The version of vi is so old (or more likely is a shitty clone) that it literally doesn't have an undo. Unlike everywhere else in the world `vi` isn't symlinked to `vim`, so invoking vim is a little better only... it doesn't keep a history stack so multiple undos just cycled between undo and redo. I don't think shit was this bad even in the 80s, god damn.

I've only seen that when I was setting up some OpenWRT routers that have like 4mb of flash storage. That's quite a grandpa you guys are nursing there.

My own little backup story is that we also have a server that periodically runs rsync and backups stuff from production servers. I never accessed it, so it was out of sight, out of mind. During a meeting I asked about it so I knew how to set it up to backup new sites we make. During the intro it turned out that no backups have been done since January 2013 because of some silly error that I forget, but all the cron logs had hundreds of megabytes of a simple one line error. You could hear hearbeats, the room was so quiet.
Funny though, but no one who worked back then works here now, so I guess nobody just gave a fuck.