WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/153530/WolfVision-Cynap-1.18g-1.28j-Hardcoded-Credential.html | Exploit, Third Party Advisory |
| http://seclists.org/fulldisclosure/2019/Jul/9 | Exploit, Third Party Advisory |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-05T19:33:50
Updated: 2019-07-10T17:06:05
Reserved: 2019-07-05T00:00:00
Link: CVE-2019-13352
NVD Information
Status: Analyzed
Published: 2019-07-05T20:15:14.297
Modified: 2019-07-15T16:03:15.177
Link: CVE-2019-13352
Redhat Information
No data.
CWE