Full title: Seagate Central 2014.0410.0026-F Remote Facebook Access Token Exploit 
Category: web applications
Platform: hardware
Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens and reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.

# 0day.today @ http://0day.today/