
CVE-2022-35513: Releases · todbot/Blink1Control2

The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.


Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.9-mac-x64.dmg - Mac Intel DMG disk installer
    • Blink1Control2-2.2.9-mac-x64.zip - Mac Intel zip file
    • Blink1Control2-2.2.9-mac-arm64.dmg - Mac Apple Silicon DMG disk installer
    • Blink1Control2-2.2.9-mac-arm64.zip - Mac Apple Silicon zip file
  • Windows

    • Blink1Control2-2.2.9-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.9-win-x64.zip - Windows “portable” zip (64-bit)
    • Blink1Control2-2.2.9-win-ia32.zip - Windows “portable” zip (32-bit)
  • Linux x86

    • Blink1Control2-2.2.9-linux.tar.gz - Linux x86 64-bit tarball
    • Blink1Control2-2.2.9-linux-amd64.deb - Linux x86 64-bit Debian package
  • Raspberry Pi

    • Blink1Control2-2.2.9-linux-armv7l.deb - Linux RaspberryPi Arm7l 64-bit Debian package

Fixes in this release:

  • Upgrade encryption used in Event Rules with passwords (GMAIL, IMAP, etc) #175
  • Improve HTTP API server error handling when presented with bad query params #174
  • Turn off HTTP API endpoint /blink1/inputs for increased security #174
  • Allow “instant” color changes in Color Picker and Big Buttons with fadeTime = 0.0 seconds, min was 0.1 seconds #173
  • Show HTTP API accesses in Recent Events log #172
  • Allow IFTTT Event Source to follow redirects for HTTP -> HTTPS conversion #171
  • Add HTTP API endpoint /blink1/enumerate to cause USB rescan #170
  • HTTP API endpoint /blink1/patterns now show per-pattern repeats and playing attributes #169
  • Some blink(1) mk2 devices that were not detected in 2.2.8 now are #168, #166

Full Changelog: v2.2.8…v2.2.9

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.8-mac-x64.dmg - Mac Intel DMG disk installer
    • Blink1Control2-2.2.8-mac-x64.zip - Mac Intel zip file
    • Blink1Control2-2.2.8-mac-arm64.dmg - Mac Apple Silicon DMG disk installer
    • Blink1Control2-2.2.8-mac-arm64.zip - Mac Apple Silicon zip file
  • Windows

    • Blink1Control2-2.2.8-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.8-win-x64.zip - Windows “portable” zip (64-bit)
    • Blink1Control2-2.2.8-win-ia32.zip - Windows “portable” zip (32-bit)
  • Linux x86

    • Blink1Control2-2.2.8-linux.tar.gz - Linux x86 64-bit tarball
    • Blink1Control2-2.2.8-linux-amd64.deb - Linux x86 64-bit Debian package
  • Raspberry Pi

    • Blink1Control2-2.2.8-linux-armv7l.deb - Linux RaspberryPi Arm7l 64-bit Debian package

Fixes in this release:

  • Ubuntu 22 crash #166
  • Cannot control multiple blink(1) devices correctly #168

Other changes:

  • BigButton assigned blink(1) device radio menu shows default selection better
  • blink(1) serial number selection works correctly for certain blink(1)s w/ serial numbers w/ lower case hex digits
  • Update Electron 12 -> 18
  • Update build tools: webpack 3.3 -> 4.1, babel 7.10 -> 7.16

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.7-mac-x64.dmg - Mac Intel DMG disk installer
    • Blink1Control2-2.2.7-mac-x64.zip - Mac Intel zip file
    • Blink1Control2-2.2.7-mac-arm64.dmg - Mac Apple Silicon DMG disk installer
    • Blink1Control2-2.2.7-mac-arm64.zip - Mac Apple Silicon zip file
  • Windows

    • Blink1Control2-2.2.7-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.7-win-x64.zip - Windows “portable” zip (64-bit)
    • Blink1Control2-2.2.7-win-ia32.zip - Windows “portable” zip (32-bit)
  • Linux x86

    • Blink1Control2-2.2.7-linux.tar.gz - Linux x86 64-bit tarball
    • Blink1Control2-2.2.7-linux-amd64.deb - Linux x86 64-bit Debian package
  • Raspberry Pi

    • Blink1Control2-2.2.7-linux-armv7l.deb - Linux RaspberryPi Arm7l 64-bit Debian package

Fixes in this release:

  • Fix Script and File forms to allow file or script selection in some instances, #161
  • Disallow multiple instances (again), #165

Fix Script and File forms

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.5-mac-x64.dmg - Mac Intel DMG disk installer
    • Blink1Control2-2.2.5-mac-x64.zip - Mac Intel zip file
  • Windows

    • Blink1Control2-2.2.5-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.5-win-x64.zip - Windows “portable” zip (64-bit)
    • Blink1Control2-2.2.5-win-ia32.zip - Windows “portable” zip (32-bit)
  • Linux

    • Blink1Control2-2.2.5-linux.tar.gz - Linux 64-bit tarball
    • Blink1Control2-2.2.5-linux-amd64.deb - Linux x86 64-bit Debian package

Fixes:

  • Fix “cert expired” error by updating electron from 8.3.4 to 12.2.2 to Let's Encrypt X3 DST cert

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.4-mac.dmg - Mac DMG disk installer
    • Blink1Control2-2.2.4-mac.zip - Mac zip file
  • Windows

    • Blink1Control2-2.2.4-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.4-win-x64.zip - Windows “portable” zip (64-bit)
    • Blink1Control2-2.2.4-win-ia32.zip - Windows “portable” zip (32-bit)
  • Linux

    • Blink1Control2-2.2.4-linux.tar.gz - Linux 64-bit tarball
    • Blink1Control2-2.2.4-linux-amd64.deb - Linux x86 64-bit Debian package
    • Blink1Control2-2.2.4-linux-x86_64.AppImage - Linux x86 64-bit AppImage

Changes/Fixes in this release:

  • Issue #143: Alarms set for 12:xx am or 12:xx pm fire at the wrong time
  • Issue #142: Add /blink1/lastColor API endpoint
  • Issue #141: API query args to specify blink1_id not congruent
  • Issue #106 and others: “Start at login” not working on Windows (hopefully fixed now)

Also, updated to Electron v8, updated node-hid and node-blink1, updated Mac and Windows app signing process.

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.3-mac.dmg - Mac DMG disk installer
    • Blink1Control2-2.2.3-mac.zip - Mac zip file
  • Windows

    • Blink1Control2-2.2.3-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.3-win-x64.zip - Windows “portable” zip (64-bit)
    • Blink1Control2-2.2.3-win-ia32.zip - Windows “portable” zip (32-bit)
  • Linux

    • Blink1Control2-2.2.3-linux.tar.gz - Linux 64-bit tarball
    • Blink1Control2-2.2.3-linux-amd64.deb - Linux x86 64-bit Debian package
    • Blink1Control2-2.2.3-linux-x86_64.AppImage - Linux x86 64-bit AppImage

Changes/Fixes in this release:

  • Issue #116: Crash when using non-allowed accelerator key for “Reset Alerts”
  • Issue #115: blink(1) flashing gets slower when main window is minimized
  • Update node-hid & node-blink1 to latest
  • Add ability to set “nightlight mode” aka “no-computer mode” in Prefs page

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.2-mac.dmg - Mac DMG disk installer
    • Blink1Control2-2.2.2-mac.zip - Mac zip file
  • Windows

    • Blink1Control2-2.2.2-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.2-win-x64.zip - Windows zip (64-bit)
    • Blink1Control2-2.2.2-win-ia32.zip - Windows zip (32-bit)
  • Linux

    • Blink1Control2-2.2.2-linux.tar.gz - Linux 64-bit tarball
    • Blink1Control2-2.2.2-linux-amd64.deb - Linux x86 64-bit Debian package
    • Blink1Control2-2.2.2-linux-x86_64.AppImage - Linux x86 64-bit AppImage

Changes/Fixes in this release:

  • Issue #98 – can’t right-click BigButtons, add new UI element for non-right-click folk
  • Issue #106 – error on startup in some situations
  • Issue #108 – not detecting some Skype events
  • Issue #109 – allow CORS requests to HTTP API server
  • Issue #114 – IMAP “use SSL” button was broken
  • package updates
    • Electron v3 -> v4
    • Babel v6 -> v7
    • Webpack v1 -> v4

Blink1Control2 v2.2.1

Download the preferred version for your platform:

  • Mac

    • Blink1Control2-2.2.1-mac.dmg - Mac DMG disk installer
    • Blink1Control2-2.2.1-mac.zip - Mac zip file
  • Windows

    • Blink1Control2-2.2.1-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.1-win-x64.zip - Windows zip (64-bit)
    • Blink1Control2-2.2.1-win-ia32.zip - Windows zip (32-bit)
  • Linux

    • Blink1Control2-2.2.1-linux.tar.gz - Linux 64-bit tarball
    • Blink1Control2-2.2.1-linux-amd64.deb - Linux x86 64-bit Debian package
    • Blink1Control2-2.2.1-linux-x86_64.AppImage - Linux x86 64-bit AppImage

Changes in this release:

  • BigButtons: add context button as alternative to right-click, fix right-click (#98)
  • Fix /blink1/{on,off} for multiple blink(1) devices (#104)
  • Better input validation on “secs” field in color chooser (#102)
  • Improve meta-pattern parsing for file/script/url event sources (#101)
  • Update to electron 1.8.8, electron-builder 20.36.2, electron-updater 4.0.4

Download the preferred version for your platform:

  • Mac
    • Blink1Control2-2.2.0-mac.dmg - Mac DMG disk installer
    • Blink1Control2-2.2.0-mac.zip - Mac zip file
  • Windows
    • Blink1Control2-2.2.0-win.exe - Windows installer (32-bit and 64-bit)
    • Blink1Control2-2.2.0-win.zip - Windows zip (64-bit)
    • Blink1Control2-2.2.0-ia32-win.zip - Windows zip (32-bit)
  • Linux
    • Blink1Control2-2.2.0-linux-amd64.deb - Linux x86 64-bit Debian package
    • Blink1Control2-2.2.0-linux-x86_64.AppImage - Linux x86 64-bit AppImage
