| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 May 2019 07:27:03 +0000 (UTC) From: InfoSec News <alerts@...osecnews.org> To: isn@...ts.infosecnews.org Subject: [Newsletter/Marketing] [ISN] Hundreds of Orpak gas station systems can be easily hacked thanks to hardcoded passwords https://techcrunch.com/2019/05/02/orpak-gas-station-password/ By Zack Whittaker TechCrunch May 2, 2019 Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit. The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10. Orpak’s SiteOmat systems monitor the amount of fuel stored in a gas station’s tanks, as well as their temperature and pressure. The software also sets the price of the gas and processes card payments. Its user interface is password protected, preventing unauthorized access to its data or configuration. According to the advisory, the software contained a hardcoded password set by the manufacturer, which if used would grant unfettered access to the system. CISA didn’t publish the password. [...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Powered by blists - more mailing lists