HiDrive: Local Privilege Escalation via Insecure WCF endpoint

This blog post describes a security vulnerability found in the product HiDrive Desktop Client. HiDrive is the cloud storage solution of Berlin-based Strato, an internet hosting service. The HiDrive Desktop Client for Windows allows a customer to sync files and folders easily to the provided cloud solution. The core components of the HiDrive client is also used by other internet and cloud providers such as Telekom and 1&1. Introduction During some personal research at the beginning of February, a critical vulnerability in HiDrive was discovered....

April 25, 2019 · 11 min · dhn