EntryPass N5200 user creden Vulnerability (CVE-2014-8868)

EntryPass N5200 user creden Vulnerability (CVE-2014-8868)

Release date: 2014-12-01
Updated on: 2014-3 3

Affected Systems:
Entrypass N5200
Description:
Bugtraq id: 71384
CVE (CAN) ID: CVE-2014-8868

EntryPass N5200 is a multi-application control panel for the physical access control industry.

EntryPass N5200 Active Network Control Panels has the information leakage vulnerability in implementation, which allows attackers to obtain the current administrator username and password.

<* Source: RedTeam Pentesting GmbH (http://www.redteam-pentesting.de /)

Link: http://www.securityfocus.com/archive/1/534128
*>

Test method:

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
------------------------------------------------------------------------

$ Curl-s http://example.com/o | hexdump-C | head
------------------------------------------------------------------------

Suggestion:
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Access to Web interfaces is blocked at the network layer.

Vendor patch:

Entrypass
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.entrypass.net

This article permanently updates the link address: