bug-bounty507
xss283
rce138
bragging-post117
account-takeover103
open-source93
google90
csrf85
exploit81
authentication-bypass79
stored-xss74
facebook72
privilege-escalation65
access-control65
ai-agents64
microsoft64
reflected-xss63
web-security63
writeup60
input-validation52
cve50
ssrf50
sql-injection48
defi48
cross-site-scripting47
smart-contract47
tool46
ethereum44
privacy42
information-disclosure41
api-security41
web-application38
llm37
burp-suite36
malware36
opinion36
automation35
lfi34
web334
smart-contract-vulnerability33
apple33
html-injection33
vulnerability-disclosure32
infrastructure32
machine-learning32
responsible-disclosure32
code-generation31
waf-bypass31
browser30
oauth30
0
7/10
This article reverse-engineers the UniFi inform protocol (port 8080) and discovers that while the AES-128-CBC encrypted payload requires per-device keys, the first 40 bytes of every packet are unencrypted and contain the device's MAC address at bytes 8-13. This plaintext MAC allows routing of inform traffic without decryption, enabling multi-tenant UniFi controller hosting on shared infrastructure.
reverse-engineering
network-protocol
ubiquiti
unifi
encryption
aes-128-cbc
routing
multi-tenancy
packet-analysis
plaintext-header
inform-protocol
device-identification
mac-address
tcp
http
UniFi
Ubiquiti
DigitalOcean
AES-128-CBC
DHCP Option 43
STUN
MongoDB
coturn