Zero Science Lab » BEWARD Intercom 2.3.1 Credentials Disclosure

BEWARD Intercom 2.3.1 Credentials Disclosure

Title: BEWARD Intercom 2.3.1 Credentials Disclosure
Advisory ID: ZSL-2019-5505
Type: Local
Impact: Exposure of Sensitive Information, Security Bypass
Risk: (3/5)
Release Date: 27.01.2019

Summary

Multiaccessible User Operation, Electronic Lock Control, Real-Time Video, Two-Way Audio. The software is used for BEWARD IP video door stations control.

Description

The application stores logs and sensitive information in an unencrypted binary file called BEWARD.INTERCOM.FDB. A local attacker that has access to the current user session can successfully disclose plain-text credentials that can be used to bypass authentication to the affected IP camera and door station and bypass access control in place.

Vendor

Beward R&D Co., Ltd - https://www.beward.net

Affected Version

2.3.1.34471
2.3.0
2.2.11
2.2.10.5
2.2.9
2.2.8.9
2.2.7.4

Tested On

Microsoft Windows 10 Home (EN)
Microsoft Windows 7 SP1 (EN)

Vendor Status

[28.11.2018] Vulnerability discovered.
[30.11.2018] Vendor contacted.
[30.11.2018] Received automated confirmation of message receipt and assigned Ticket ID: NCG-690-71011.
[26.01.2019] No response from the vendor.
[27.01.2019] Public security advisory released.

PoC

beward_creds.py

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://www.beward.net/product/5411
[2] https://packetstormsecurity.com/files/151345
[3] https://cxsecurity.com/issue/WLB-2019010265
[4] https://www.exploit-db.com/exploits/46267
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/156274

Changelog

[27.01.2019] - Initial release
[29.01.2019] - Added reference [2], [3] and [4]
[31.01.2019] - Added reference [5]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk