Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice

Embed this notice
ExperiencersInternational :shiver: (experiencer@lethallava.land)'s status on Wednesday, 10-Apr-2024 02:05:02 JST ExperiencersInternational :shiver:
in reply to
- asie
- Kevin Beaumont
@asie@mk.asie.pl @GossiTheDog@cyberplace.social tbh I'm not sure whether this bug is newly discovered considering Wiimmfi has used Wii U DNS for a bit

In conversation Wednesday, 10-Apr-2024 02:05:02 JST permalink
Embed this notice
asie (asie@mk.asie.pl)'s status on Wednesday, 10-Apr-2024 02:05:03 JST asie
- Kevin Beaumont
@GossiTheDog@cyberplace.social The wild part is that this exploit was introduced in a firmware update in 2021, with seemingly no actual usecase other than to be exploited?

https://github.com/PretendoNetwork/SSSL/

"As of 5.5.5, CA's crafted in a specific way may take a newly introduced alternate path for verification. This allows for a CA's signature to not be verified correctly. Instead, the Wii U simply checks if the CA matches one already known by the system, but not the signature or contents of the CA. We have no idea why this change was made, as it does not benefit Nintendo at all. It almost feels intentional."
In conversation Wednesday, 10-Apr-2024 02:05:03 JST permalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  
  GitHub - PretendoNetwork/SSSL
  
  Contribute to PretendoNetwork/SSSL development by creating an account on GitHub.

Feeds