Shadi Habbal

Sounds perfect.

Nevermind, I have just RTFM.. but I am not seeing the logic of importing IPs first, than domains. The documentation says: > celerystalk determines whether each subdomain is in scope...

Hi, to my understanding, the session timeout settings can be controled in Moolticute under "Device Settings" > "Inactivity" > "Lock after X minutes of activity". By default, that is set...

Whatever floats the boat as long as one doesn't lose unsaved changes. Is it securely possible?

From a user point of view: the suggestion would work. The manual confirmation would prevent malicious connections from communicating with moolticuted if they are not authorized beforehand to do so....

> > > Unfortunately Qt Websocket API does not export HTTP headers to be used. They are only kept internally... I am not a programmer (anymore :)), but what about...

CVE-2019-12967 has been obtained for this. Will be public after 90 days (on September 19, 2019).

The PoC is now public: https://securiteam.io/2019/10/20/cve-2019-12967-moolticute-improper-access-control/

> > > @cwaazywabbit : i'm afraid you wouldn't be able to fetch the encrypted database though... when the device is in MMM other clients can't scan the DB. On...

The PoC doesn't actually depend on prompting users to enter MMM while they are legitimately trying to. It will simply attempt to connect to a device (this works even if...