UniFi Credential Disclosure Scanner

UniFi is a popular networking device used by businesses and homes to manage and configure network devices like routers, security gateways, and access points. It provides a unified platform for delivering high-performance and reliable wired and wireless networks supported by Ubiquiti's advanced features. Users rely on UniFi to ensure smooth connectivity, manage network traffic, and enable secure networking. The UniFi platform attracts IT professionals and network administrators with its comprehensive management and monitoring capabilities. Its ease of configuration makes it a favored choice for setting up elaborate network systems. Due to its wide adoption, vulnerabilities within the platform can significantly impact network security.

The Credential Disclosure vulnerability in UniFi allows unauthorized users to access sensitive credential material. This unauthenticated access occurs via a GET request at a specific API endpoint. Through exploiting this vulnerability, attackers can obtain private keys and other important data. If the vulnerability is not patched, it allows malicious actors to bypass security protocols. Credential Disclosure vulnerabilities can lead to severe data breaches. Maintaining appropriate security measures is critical to preventing unauthorized access.

The disclosure vulnerability stems from the API endpoint "/api/v1/user_assets/touch_pass/keys" being publicly accessible. An unauthenticated GET request to this endpoint returns JSON data that includes sensitive information. The present security flaw includes exposure of private keys, NFC credentials, and additional critical information. Such vulnerable endpoints can allow credential theft if left unaddressed. It is important for administrators to apply immediate fixes and monitor network traffic. Understanding how this endpoint behaves and securing it appropriately can prevent unauthorized access.

When exploited, this vulnerability may lead to unauthorized access to network devices managed by UniFi. Hackers can gain access to sensitive data, impacting the overall security posture of an organization. The misuse of disclosed credentials can further result in unauthorized network modifications. Compromised credentials pose a threat to privacy and data integrity within the network. Immediate corrective actions must be taken to prevent potential breaches. Ensuring security measures and patching vulnerabilities are necessary for safeguarding networks.

REFERENCES

• https://www.catchify.sa/post/cve-2025-52665-rce-in-unifi-os-25-000