lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201607241129.u6OBTX82023515@sf01web2.securityfocus.com>
Date: Sun, 24 Jul 2016 11:29:33 GMT
From: alex_haynes@...look.com
To: bugtraq@...urityfocus.com
Subject: Neoscreen v4.5 Authentication bypass

Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:


(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen digital signage software v4.5

Vendor URL & Download:
http://www.cube-display.fr

Product Description:
"Neoscreen is an innovative, scalable and particularly powerful communication system. With just a few clicks, you can control all your dynamic display screens from your PC, wherever they may be in the world. "

(2) Vulnerability Details:
--------------------------
Several URL's of the admin interface of the neoscreen software do not perform session checks correctly, thereby allowing authentication bypass and allowing any user to access admin functions.

Proof of concept:
Any of the following URL's will allow access to the admin interface os the Neoscreen software, to admin functions that (among other things) allow the user to shutdown the screen completely, or wipe the database.

http://neoscreen/cubelocal/admin/shutdownMachine.asp
http://neoscreen/cubelocal/admin/stabilityControl.asp
http://neoscreen/cubelocal/modules/neoscreen/messages/basevide.asp
http://neoscreen/cubelocal/classe/index.asp

(3) Advisory Timeline:
----------------------
25/01/2016 - First Contact: vendor responds saying they are working on fix
24/02/2016 - Follow up e-mail to request fix timeline. No vendor response.
03/03/2016 - Follow up e-mail to request fix timeline.
04/03/2016 - Vendor responds saying fix will be available 14/03/2016.


(4)Solution:
------------
Upgrade to version 5 will fix this vulnerability.


(5) Credits:
------------
Discovered by Alex Haynes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ