lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200902101334.n1ADY3ur022720@www5.securityfocus.com>
Date: Tue, 10 Feb 2009 06:34:03 -0700
From: tez@...lsby.net
To: bugtraq@...urityfocus.com
Subject: Remote Authentication Bypass - Swann DVR4 SecuraNet (possibly
 DVR9 as well)

Dear BugTraq Readers,

It is possible to download the configuration containing usernames/passwords to this CCTV DVR which is being marketed by Swann Security (suspect that it is a rebranded AVTech unit)

[tez@...ris ~]$ curl http://192.168.2.100/../../var/run/vy_netman.cfg
<snip>Padmin111111

(the above are the default username/password on the unit; which I have yet to change - access to other units found via Google have demonstrated that this technique does work)

Once you have the username/password from this file, you can log in to the unit via http://[IP Address]/ and authenticate with those details.

It is strongly suggested that owners of these units secure them by configuring an IP-based ACL on their firewall/router in order to ensure that unwanted parties cannot view the cameras attached to this unit.

This vulnerability has been reported to Swann Security and as of yet, they have not published a firmware update for this nor responded to my request for access to firmware source under the terms of the GPL.

As per standard disclosure practices, the vendor was given 30 days to publish a patch/fix or announce this themselves - so far, they have not done so hence my own disclosure.

Regards,
Terry Froy
Spilsby Internet Solutions
http://www.spilsby.net/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ