SShortSingh.
Back to feed

Developer Builds Offline Browser Extension to Analyze Cisco SD-WAN Auth Bypass CVE-2026-20127

0
·1 views

A developer has created an offline, enterprise-grade browser extension called CVE-2026-20127 Defensive Companion to help SOC teams analyze a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controllers (vSmart). The vulnerability, tracked as CVE-2026-20127, exploits a flaw in DTLS handshake state machine validation within the vdaemon service, allowing unauthorized actors to bypass X.509 certificate authentication. Built on Manifest V3, the extension operates entirely without external API calls, using 17 segmented JSON intelligence domains to power an offline NLP engine that answers natural-language queries about detection and remediation. It also includes an interactive Protocol Explorer, a packet anatomy viewer for the forged CHALLENGE_ACK_ACK message, and an on-demand Markdown threat report generator. The tool was submitted as part of a Weekend Challenge and is designed to make sophisticated protocol analysis accessible to security professionals without any cloud dependency.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Developer Releases Two Open-Source CLI Tools for Personal Finance and Cybersecurity

A developer named Nishant has released two open-source projects, PocketPilot and Archangel Security Suite, aimed at solving everyday problems in personal finance and cybersecurity. PocketPilot is a lightweight, command-line budgeting tool built with Go, Cobra, and SQLite that stores financial data locally, prioritizing user privacy over cloud-based ecosystems. Archangel Security Suite is a developer-friendly security toolkit focused on defensive security, automation, and raising vulnerability awareness throughout the software development lifecycle. Both projects are publicly hosted on GitLab and are open to community contributions including new features, testing, and documentation. The tools share a common philosophy that technology should give users greater control and confidence over their digital lives.

0
ProgrammingDEV Community ·

Developer Documents Multi-Day AWS Lambda and X API OAuth Integration Battle

A software developer set out to build an autonomous AI-powered content engine on AWS that could generate and post Wizarding World-themed content to X without human involvement. What appeared to be a simple weekend project — posting a single tweet from AWS Lambda — quickly became a complex struggle with X's multiple authentication methods. The developer initially used a Bearer Token, which returned 403 Forbidden errors, before discovering that posting tweets requires OAuth 2.0 User Context credentials representing an actual user, not just an application. A breakthrough came when switching from the tweet endpoint to a user-verification endpoint, which confirmed successful authentication for the first time. However, a new obstacle emerged when media uploads continued to fail with 403 errors, pointing to yet another layer of API permission requirements.

0
ProgrammingDEV Community ·

DevSwitch Automates SSH Key and Git Profile Management Across Multiple Accounts

Developers managing multiple GitHub accounts on a single machine have long relied on manual SSH config edits and folder-based identity routing, a process prone to misattributed commits and permission errors. A developer has built DevSwitch, a free, open-source desktop app and CLI tool, to automate this workflow on macOS, Windows, and Linux. The tool handles ED25519 key generation, uploads public keys to GitHub via OAuth, and switches Git identities instantly without requiring projects to be stored in specific folders. DevSwitch updates both global and local Git configurations and loads the correct SSH key into the agent with a single command or click. The app is available for free download at devswitch.in, installable via npm, and stores all data locally without transmitting private keys externally.

0
ProgrammingDEV Community ·

Developers Debate Best Practices for Managing AI Agent Skills Across Projects

A developer new to Agent Skills has raised practical questions about managing the growing complexity of skill files in AI-assisted workflows. Key concerns include how to avoid accumulating unnecessary skill files and deciding which resources genuinely add value to a project. The developer also questions how to keep locally stored skill files current as their upstream sources evolve over time. Portability is another challenge, with uncertainty around whether Git repositories or curated install lists are the best way to sync skills across projects and devices. The post invites the broader developer community to share established tools or workflows that address these management challenges.

Developer Builds Offline Browser Extension to Analyze Cisco SD-WAN Auth Bypass CVE-2026-20127 · ShortSingh