Hardcoded default passwords have been found in a popular building access control system, and the company behind the product has failed to release patches to fix the issue, according to researchers from cybersecurity company Tenable. Tenable said it discovered four vulnerabilities in a version of PremiSys, an access control system run by Manheim, Pennsylvania-based IDenticard. The most glaring flaw was hardcoded credentials providing administrator access to the entire service via an endpoint that controls the system. These credentials can be used by an attacker to dump contents of the badge system database, modify contents, or other various tasks with unfettered access. The flaw is made worse by the fact that users cannot change these credentials. Tenable recommends limiting traffic to this machine, but that may adversely affect how entire system works. Researchers for the Columbia, Maryland, company also found a different vulnerability that would allow attackers into a database of information stored on identification cards. An […]
The post Researchers find hardcoded passwords in popular building-access system appeared first on CyberScoop.
Continue reading Researchers find hardcoded passwords in popular building-access system→