← Advisories

ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure

Medium

Advisory ID

ZSL-2022-5700

Release Date

21 March 2022

Vendor

Integrated Control Technology Ltd. - https://www.ict.co

Affected Version

GX: Ver: 2.08.1002 K1B3, Lib: 04.00.217, Int: 2.3.235.J013, OS: 2.0.20, WX: Ver: 4.00 284 H062, App: 02.08.766, Lib: 04.00.169, Int: 02.2.208

CVE

CVE-2022-29731

Tested On

Microsoft-WinCE/6.00

Summary

Protege GX is an enterprise level integrated access control, intrusion detection and building automation solution with a feature set that is easy to operate, simple to integrate and effortless to extend. Protege WX is an all-in-one, web-based, cross-platform system that gives you a fully functional access control and intrusion detection solution in a fraction of the time of conventional software. With no software to install, setup is quick and simple. Connect the Controller and system components, then open a web browser to launch the intuitive wizard-driven interface which guides you through the process of configuring your system.

Description

The application is vulnerable to improper access control that allows an authenticated operator to disclose SHA1 password hashes (client-side) of other users/operators.

Proof of Concept

protege_hash.txtTXT

Disclosure Timeline

08.02.2022Vulnerability discovered.

08.02.2022Vendor contacted.

08.02.2022Vendor responds asking if we are Certified Protégé Installers.

08.02.2022Replied to the vendor.

16.02.2022Vendor's technical support are online for Certified Protégé Installers only.

16.02.2022Further explanation provided to the vendor.

18.02.2022Vendor suggests to contact the incumbent security system installer and work with them to get our ticket logged.

21.03.2022Public security advisory released.

Credits