bug-bounty504
xss285
rce144
bragging-post119
account-takeover104
google96
open-source93
exploit88
csrf85
authentication-bypass80
facebook75
stored-xss74
microsoft71
privilege-escalation68
access-control66
ai-agents64
web-security63
reflected-xss63
cve60
writeup58
input-validation52
ssrf50
sql-injection49
smart-contract48
defi48
cross-site-scripting47
tool46
ethereum45
malware45
information-disclosure43
privacy43
api-security41
web-application38
phishing37
llm37
opinion36
burp-suite36
lfi35
automation35
web334
apple34
html-injection33
responsible-disclosure33
vulnerability-disclosure33
smart-contract-vulnerability33
machine-learning32
infrastructure32
waf-bypass31
browser31
code-generation31
0
7/10
This article reverse-engineers the UniFi inform protocol (port 8080) and discovers that while the AES-128-CBC encrypted payload requires per-device keys, the first 40 bytes of every packet are unencrypted and contain the device's MAC address at bytes 8-13. This plaintext MAC allows routing of inform traffic without decryption, enabling multi-tenant UniFi controller hosting on shared infrastructure.
reverse-engineering
network-protocol
ubiquiti
unifi
encryption
aes-128-cbc
routing
multi-tenancy
packet-analysis
plaintext-header
inform-protocol
device-identification
mac-address
tcp
http
UniFi
Ubiquiti
DigitalOcean
AES-128-CBC
DHCP Option 43
STUN
MongoDB
coturn