Would you buy a cellphone with a hardcoded password? Definitely not. I wouldn’t either.
But as is sometimes the case with non-mass-market devices, security can be overlooked in favor of convenience, even if in retrospect it’s clearly a mistake to do so. Fortunately, this story has a happy ending, thanks to responsible disclosure and quick vendor response.
While working on some older vulnerability signatures, I discovered multiple new input validation vulnerabilities in SearchBlox version 8.1.x and earlier which are listed below. As per our responsible disclosure policy I contacted the vendor, SearchBlox, and they fixed the issues.
SearchBlox is an enterprise class content search engine server built on top of Apache Lucene/Solr and Elasticsearch. It is used by more than 300 organizations across 30 countries. The solution can be used to search information in websites, e-commerce product catalogs, intranet applications, the cloud, and Salesforce.
