lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201302050554.r155s7vp007937@sf01web2.securityfocus.com>
Date: Tue, 5 Feb 2013 05:54:07 GMT
From: doylej.ia@...il.com
To: bugtraq@...urityfocus.com
Subject: CVE-2012-6451 Authentication Bypass in LOREX IP Cameras

Product: Lorex LNC116 and LNC104 IP Cameras
Vendor: LOREX Technology Inc.
Vulnerability Type: Authentication Bypass
Vulnerable Firmware Version(s): 030312 and earlier
Tested Firmware Version: 030312
Fixed Firmware Version: 030405
Solution Status: Fixed by Vendor
Vendor Notification: December 22, 2012 
Public Disclosure: February 5, 2013
CVE Reference: CVE-2012-6451
Credit: Jason Doyle / Twitter @jasond0yle

Advisory Details:
The camera’s web interface uses HTTP Basic for authentication, but authentication details are only validated on the 

home login page. By forced browsing, or navigating directly to any valid URL on the web interface other than the 

homepage, it is possible to bypass authentication.

Risk:
It's possible to view the live video feed and/or change all configurable settings anonymously.
 
Proof of Concept:
Navigate directly to http://x.x.x.x/cgi-bin/display.cgi to view the camera’s live video feed anonymously.
 
Solution:
Upgrade to firmware version 030405.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ