Zero Science Lab » QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure

QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure

Title: QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure
Advisory ID: ZSL-2020-5578
Type: Local/Remote
Impact: Exposure of Sensitive Information, Security Bypass
Risk: (3/5)
Release Date: 13.08.2020

Summary

Digital Signage Software.

Description

The application suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

Vendor

Shenzhen Xingmeng Qihang Media Co., Ltd. | Guangzhou Hefeng Automation Technology Co., Ltd. - http://www.howfor.com

Affected Version

3.0.9.0

Tested On

Microsoft Windows Server 2012 R2 Datacenter
Microsoft Windows Server 2003 Enterprise Edition
ASP.NET 4.0.30319
HowFor Web Server/5.6.0.0
Microsoft ASP.NET Web QiHang IIS Server

Vendor Status

[27.07.2020] Vulnerability discovered.
[28.07.2020] Vendor contacted.
[31.07.2020] No response from the vendor.
[10.08.2020] Vendor contacted.
[12.08.2020] No response from the vendor.
[13.08.2020] Public security advisory released.

PoC

qhsignage_cookie.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://packetstormsecurity.com/files/158858
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/186770
[3] https://cxsecurity.com/issue/WLB-2020080059

Changelog

[13.08.2020] - Initial release
[14.08.2020] - Added reference [1], [2] and [3]

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk