Green Union NAS' wildcard certificates may cause private data leakage

TapTechNews July 6th news, previously, the new Green Union NAS product had caused a lot of discussions due to BUG. Now, the Bilibili up主 @a laid-back salted fish found that Green Union NAS provides wildcard certificates for the two domains *.ugnas.cloud and *.ugnas.com in its system control panel, which may lead to the leakage of users' private data.

Green Union provides wildcard certificates for these domains to facilitate users to customize the public network access domain name of the Green Union NAS and provide HTTPS encryption services, so that users can access the files saved in the NAS in the public network, but somehow the TLS certificate and private key here are all made public.

In response, the official Green Union said: This domain belongs to the UGOSPRO experience domain usage and has not been used on the official user equipment, and this certificate has been revoked at present.

Hello, we have located that this problem belongs to the experience account. There is no such certificate on the official user equipment, and this certificate and private key will not be used either. It will not have any impact on the official users. We have revoked the certificate of this experience account. The Green Union NAS private cloud team attaches great importance and strives to ensure the security of user data. Thank you for your support to the Green Union NAS private cloud.

In May this year, Green Union Technology launched nine new products of the NAS private cloud DXP series, and at the same time brought a brand-new self-developed NAS system UGOSPro, but the首发 of the new system did not reach the expected, and there were some Bugs that need time to fix, such as abnormal display of CPU temperature and excessive load of some products, and abnormal user account registration for some users. For details, please refer to the previous report of TapTechNews.