BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-exeter-2026//talk//CXDETW
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-exeter-2026-CXDETW@pretalx.com
DTSTART;TZID=GMT:20260425T153000
DTEND;TZID=GMT:20260425T161000
DESCRIPTION:Vesta is a lightweight\, web-based control panel that simplifie
 s Linux server management\, appealing to users seeking an intuitive altern
 ative to traditional platforms like cPanel and Plesk. This presentation wi
 ll examine a critical flaw in Vesta: an admin takeover exploit resulting f
 rom reduced seed entropy in the Bash $RANDOM variable. By transforming wha
 t was once a theoretical attack into a practical one\, we successfully red
 uced the brute force domain of the seed by over 98%. This allows attackers
  to generate predictable random values\, compromising the security of pass
 words and tokens. We will discuss the implications of this vulnerability a
 nd highlight best practices for enhancing server security in real-world ap
 plications.
DTSTAMP:20260501T081654Z
LOCATION:Auditorium
SUMMARY:Vesta Admin Takeover - Exploiting reduced seed entropy in bash $RAN
 DOM - Adrian Tiron
URL:https://pretalx.com/bsides-exeter-2026/talk/CXDETW/
END:VEVENT
END:VCALENDAR