IDenticard Zero-Days Allow Corporate Building Access, Location Recon

Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.

Researchers find hardcoded passwords in popular building-access system

Hardcoded default passwords have been found in a popular building access control system, and the company behind the product has failed to release patches to fix the issue, according to researchers from cybersecurity company Tenable. Tenable said it discovered four vulnerabilities in a version of PremiSys, an access control system run by Manheim, Pennsylvania-based IDenticard. The most glaring flaw was hardcoded credentials providing administrator access to the entire service via an endpoint that controls the system. An attacker can use these credentials to dump the contents of the badge system database, modify its contents, or perform various other tasks with unfettered access. The flaw is made worse by the fact that users cannot change these credentials. Tenable recommends limiting traffic to this machine, but that may adversely affect how the entire system works. Researchers for the Columbia, Maryland, company also found a different vulnerability that would allow attackers into a database of information stored on identification cards. An […]

The post Researchers find hardcoded passwords in popular building-access system appeared first on CyberScoop.
