Date: Thu, 25 Jun 2015 01:56:54 +0800
From: Federick Joe P Fajardo <fjpfajardo@...ibm.com>
To: bugtraq@...urityfocus.com
Subject: CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders

CVEID: CVE-2015-4464

SUBJECT: Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders

DESCRIPTION: A deficiency in the handling of authentication and authorization has been found in Kguard 104/108/v2 models. While the ActiveX component uses password-based authentication to protect the login page, all communication with the application server on port 9000 can be performed directly, with insufficient or improper authorization.
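As an added example (not part of the original advisory), a defender-side check for the exposure described above: since the DVR's application server on TCP port 9000 does not enforce authorization itself, any host that can reach that port can drive the device, so reachability of port 9000 is the thing to monitor. The script below scans constructed iptables-style firewall log lines for connections to a DVR's port 9000 from hosts outside an assumed management allowlist; the DVR address, the allowlist and the log format are assumptions for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Assumptions for this example: the DVR sits at 192.0.2.10 and only the
# management network 10.0.0.0/24 should ever talk to its port 9000.
DVR_ADDR = "192.0.2.10"
DVR_PORT = 9000
MGMT_NETS = [ip_network("10.0.0.0/24")]

# iptables LOG-style lines; the fields used are SRC, DST, PROTO and DPT.
LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Jun 25 01:50:01 fw kernel: [DVR] IN=eth0 OUT= SRC=10.0.0.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51514 DPT=9000 SYN
Jun 25 01:50:07 fw kernel: [DVR] IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=9000 SYN
Jun 25 01:50:09 fw kernel: [DVR] IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40023 DPT=80 SYN
Jun 25 01:50:12 fw kernel: [DVR] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=1234 DPT=9000 SYN
"""

def is_trusted(src: str) -> bool:
    """True if the source address belongs to one of the management networks."""
    addr = ip_address(src)
    return any(addr in net for net in MGMT_NETS)

def find_untrusted_dvr_access(log_text: str):
    """Return (line_no, src) for every TCP connection to the DVR's port 9000
    that did not originate from the management allowlist."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue  # not a firewall LOG line we understand
        if (m["dst"] == DVR_ADDR and m["proto"] == "TCP"
                and int(m["dpt"]) == DVR_PORT and not is_trusted(m["src"])):
            hits.append((n, m["src"]))
    return hits

if __name__ == "__main__":
    for n, src in find_untrusted_dvr_access(SAMPLE_LOG):
        print(f"line {n}: untrusted host {src} reached DVR port {DVR_PORT}")
```

Connections to port 80 (line 3) and from the management network (line 1) are ignored; only the two outside hosts reaching port 9000 are reported.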

CVSS Base Score: 9.7
CVSS Temporal Score: 8.3
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:P/E:F/RL:U/RC:UR)

Affected Products and Versions

Kguard Digital Video Recorders: KG-SHA104/KG-SHA108/v2. Other variants that run the same firmware from Zhuhai Raysharp Technology Co Ltd are believed to be vulnerable.

Exploit / Proof of Concept:

https://goo.gl/L5ASRo

Remediation/Fixes

None.

Workarounds and Mitigations

See: [06]

References:

[01] http://www.securityfocus.com/archive/1/534830
[02] http://us.kworld-global.com/main/prod_in.aspx?mnuid=1306&modid=10&prodid=527
[03] http://osvdb.org/show/osvdb/119402
[04] http://osvdb.org/show/osvdb/119422
[05] http://osvdb.org/show/osvdb/119403
[06] https://www.academia.edu/11677554/Kguard_Digital_Video_Recorders_Multiple_Vulnerabilities
