Follow
The #MobileIron advisory is now public. Cyberbullying vendors into doing the right thing is my community service.
CVSS 10. “Remote unauthenticated API access”. #threatintel
This one is completely nuts btw, I set up a honeypot and it’s already being probed via the API - which allows admin access and is completely unauthenticated, apparently nobody ever pentested one of the most widely used MDM solutions.