WALL OF SHEEP

WHAT IS THE WALL OF SHEEP?

Traditionally, the Wall of Sheep is an interactive demonstration of what can happen when network users let their guard down. We passively observe the traffic on a network, looking for evidence of users logging into email, web sites, or other network services without the protection of encryption. Those we find get put on the Wall of Sheep as a good-natured reminder that a malicious person could do the same thing we did . . . with far less friendly consequences. More importantly, we strive to educate the “sheep” we catch to prevent leaks in the future.

Now I use the term Wall of Sheep to denote the list of security issues that were “passively” observed when I was enjoying my security research as well as ethical hacking.

SHEEPS I CAUGHT

CVE-2019-13623 Ghidra Arbitrary Code Execution

CVE-2019-13624 ONOS Remote Command Execution

CVE-2018-1132 Opendaylight’s SDNInterfaceapp module SQL injection.

CVE-2018-15595 Opendaylight’s TSDR Module Denial of Service

CVE-2018-1999020 ONOS Controller Directory Traversal

CVE-2018-1000614 ONOS Controller Notification XXE

CVE-2018-1000615 ONOS Controller OVSDB Remote Denial of Service

CVE-2018-1000616 ONOS Controller XMLCONFIGPARSER XXE

CVE-2018-1000617 Atlassian Floodlight Controller Remote Denial of Service

CVE-2018-1000163 Atlassian Floodlight Controller Web Console Cross-Site Scripting