Exploits / Vulnerability Discovered : 2022-03-22 |
Type : remote |
Platform : hardware
This exploit / vulnerability Ict protege gx/wx 2.08 clientside sha1 password hash disclosure is for educational purposes only and if it is used you will do on your own risk!
Summary: Protege GX is an enterprise level integrated access control, intrusion
detection and building automation solution with a feature set that is easy to
operate, simple to integrate and effortless to extend. Protege WX is an all-in-one,
web-based, cross-platform system that gives you a fully functional access control
and intrusion detection solution in a fraction of the time of conventional software.
With no software to install, setup is quick and simple. Connect the Controller and
system components, then open a web browser to launch the intuitive wizard-driven
interface which guides you through the process of configuring your system.
Desc: The application is vulnerable to improper access control that allows an
authenticated operator to disclose SHA1 password hashes (client-side) of other
users/operators.
Tested on: Microsoft-WinCE/6.00
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience