Executive Summary
| Summary | |
|---|---|
| Title | PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password |
Information

| Field | Value | Field | Value |
|---|---|---|---|
| Name | VU#870601 | First vendor publication | 2011-01-07 |
| Vendor | VU-CERT | Last vendor modification | 2011-01-07 |
| Severity (vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3

CVSS vector: N/A

| Metric | Score | Metric | Score |
|---|---|---|---|
| Overall CVSS Score | NA | | |
| Base Score | NA | Environmental Score | NA |
| Impact Sub Score | NA | Temporal Score | NA |
| Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

| Metric | Score | Metric | Value |
|---|---|---|---|
| CVSS Base Score | 7.5 | Attack Range | Network |
| CVSS Impact Score | 6.4 | Attack Complexity | Low |
| CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#870601

PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password

Overview

The PolyVision RoomWizard web-based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and the Sync Connector Active Directory credentials.

I. Description

The PolyVision RoomWizard is a touch screen scheduling device with a web-based administrative interface. The Sync Connector feature allows the RoomWizard to communicate with Microsoft Exchange in a Microsoft Windows Active Directory (AD) environment. The Sync Connector AD credentials are disclosed in the content of a web page on the administrative interface. This vulnerability has been reported to affect RoomWizard firmware version 3.2.3.

An additional issue is that the RoomWizard ships with a default password on the administrator account, permitting console access via HTTP.

References

http://steelcase.polyvision.com/support/downloads-roomwiz.asp

Thanks to Sean Lam for reporting this vulnerability. This document was written by Michael Orlando.
Original Source
Url : http://www.kb.cert.org/vuls/id/870601
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-255 | Credentials Management |
| 50 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
| Type | Count |
|---|---|
| Application | 1 |
| Hardware | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70389 | RoomWizard Admin Interface /admin/sign/DeviceSynch Sync Connector AD Credenti... RoomWizard contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the administrative interface places the Sync Connector Active Directory (AD) credentials on a web form that is accessed over HTTP on port 80, which discloses sensitive information to a remote attacker who reads the HTML source of the /admin/sign/DeviceSynch URI. |
| 70388 | RoomWizard Admin Account Default Password By default, RoomWizard installs with a default password. The administrator account has a password of roomwizard, which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access. |