Message-ID: <4128d693-03db-43b7-9c25-6974514d53da@cloudaware.eu>
Date: Mon, 2 Dec 2024 17:30:45 +0100
From: Jeroen Hermans via Fulldisclosure <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org
Cc: Emiel van Berlo <emiel@...ego.nl>
Subject: [FD] Access Control in Paxton Net2 software

CloudAware Security Advisory

[CVE pending]: Potential PII leak and incorrect access control in Paxton 
Net2 software


========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII and incorrect access control.
No physical access to the computer running Paxton Net2 is required.

========================================================================
Product
========================================================================
* Paxton Net2 (all current versions)

========================================================================
Detailed description
========================================================================
By exploiting MSSQL single-user mode it is possible to gain administrator
rights to the Net2 database. In this database, plaintext PIN codes for
building entrance can be found and changed. It is also possible to add
users to the system and to enable/disable users in the system. By reading
tables in the MSSQL database, PII is leaked. To gain access, local access
to the computer running Net2 is necessary, but this can also be over a
network using e.g. AnyDesk, which makes physical access unnecessary.
The vendor has not acknowledged the vulnerability after contact. There
is no fix planned.

========================================================================
Solution
========================================================================
As the vendor has not acknowledged the vulnerability, there is no
effective remediation for this vulnerability.
The most effective measure at this moment is closely monitoring who has
local access to the machine running the Net2 software.

========================================================================
Mitigation
========================================================================
There is no known effective mitigation. Limiting who has local access to
the machine running the Net2 software seems the most effective measure.
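
One way to monitor for the condition named in the detailed description, as an added example that is not part of the original advisory or of Paxton's software: a Python scan of SQL Server error log text for a start in single-user mode and the logins that follow it. The log wording, the host name NET2HOST, the account names and the sample lines are assumptions constructed for illustration; check them against the error log of your own instance.

```python
import re
from datetime import datetime

# Constructed ERRORLOG excerpt (hypothetical host NET2HOST); not from a real system.
SAMPLE_ERRORLOG = r"""
2025-01-10 08:00:01.10 Server      Registry startup parameters:
2025-01-10 08:00:01.10 Server           -d C:\data\master.mdf
2025-01-10 08:00:09.45 Logon       Login succeeded for user 'NET2HOST\svc_net2'. [CLIENT: <local machine>]
2025-01-14 23:14:07.31 Server      Registry startup parameters:
2025-01-14 23:14:07.31 Server           -d C:\data\master.mdf
2025-01-14 23:14:07.31 Server      Command Line Startup Parameters:
2025-01-14 23:14:07.31 Server           -m
2025-01-14 23:14:08.02 spid5s      SQL Server started in single-user mode. This an informational message only. No user action is required.
2025-01-14 23:15:40.77 Logon       Login succeeded for user 'NET2HOST\operator'. [CLIENT: <local machine>]
"""

# timestamp, source column, message (assumed error log layout)
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+\S+\s+(.*)$")
FLAG = re.compile(r"^-[mf]")  # -m (single-user) and -f (minimal config) startup options
LOGIN = re.compile(r"Login succeeded for user '([^']+)'")

def single_user_starts(log_text, approved=()):
    """One finding per service start that shows a single-user indicator.

    approved: (start, end) datetime pairs for planned maintenance windows.
    """
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2).strip()
        if msg.startswith("Registry startup parameters"):
            current = None  # a new service start begins here
        elif FLAG.match(msg) or "started in single-user mode" in msg:
            if current is None:
                current = {"time": ts, "evidence": [], "logins": [],
                           "approved": any(a <= ts <= b for a, b in approved)}
                findings.append(current)
            current["evidence"].append(msg)
        elif current is not None and (u := LOGIN.search(msg)):
            current["logins"].append(u.group(1))  # who connected during that start
    return findings

if __name__ == "__main__":
    for f in single_user_starts(SAMPLE_ERRORLOG):
        print(f["time"], "approved" if f["approved"] else "UNAPPROVED", f["logins"])
```

Successful logins appear in the error log only when the instance's login auditing is set to record them, so an empty `logins` list does not mean nobody connected.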

========================================================================
Weblinks
========================================================================
It has been decided not to release the exploit code yet as there is no
mitigation possible. Discoverers are willing to share exploit code on
request to help with mitigation.

========================================================================
Discoverers
========================================================================
Jeroen Hermans, CloudAware j.hermans[at]cloudaware[dot]eu
Emiel van Berlo, Danego emiel[at]danego[dot]nl

========================================================================
History
========================================================================
Nov 12, 2024: Requested latest Net2 software from Paxton
Nov 26, 2024: Obtained latest Net2 software from other source
Nov 26, 2024: Informed Paxton about vulnerability
Nov 27, 2024: Release of exploit code
Dec 2, 2024: CVE reservation refused by Paxton & CVE reservation
requested directly at MITRE
