Subscriber Discussion

Thursday August 24 2017

Avatar
Brian Karas
Aug 25, 2017
IPVM

Edits to Bannerman and Dumbo posts.

Spent some more time looking at Hikvision iVM4200 password stuff, and emailed Bob on same.

Looks like iVMS4200 stores password, and other info, in a sqllite database

It is possible to engineer a hack where an attacker can insert a USB drive that auto-runs a script (granted, this CAN be disabled on Windows, if users are aware of how to do it) that would read the DB, extract the password string, and possibly decrypt it. I don't think we will get into this depth in the report, but the whole way Hik manages this (and possibly other stored credentials for attached NVRs) is really weak.

Going through recent survey posts, tallied up data for favorite recorder, sent graphics request to Lightning, arranging quotes, etc.

 

JH
John Honovich
Aug 25, 2017
IPVM

Looks like iVMS4200 stores password, and other info, in a sqllite database

How is it stored? Encrypted or?

Avatar
Brian Karas
Aug 25, 2017
IPVM
In reply to John Honovich

The admin password is encrypted in that reversible format.

 

Avatar
Brian Rhodes
Aug 25, 2017
IPVMU Certified

Did Class 12

Updated page for end-of-class events

I was a heavy email/member support day too

I downloaded iVMS-4200 v2.6.2.6 for cursory look at access, more screenshots to upload.  Initial impressions aren't bad, but Hikvision added some features (like elevator controls and cross linking rules) they aren't likely to use too often if the aren't UL 294 certified, because most SMBs don't need/care advanced features.

Will send key lessons to class tomorrow, and update final exam questions

Avatar
Rob Kilpatrick
Aug 25, 2017
IPVM • IPVMU Certified

helped with wrap up of the FrontRow report.

Camera class.

Set up the lorex DVR and connected the rest of the cameras in the conference room. Tested signal strength / how far the cameras can be from the hub before they lose stream / image quality.

Avatar
Ethan Ace
Aug 25, 2017

Frontrow edits

searched Hik overseas models for ordering from China 

straightened out Hik access part numbers with CSI, it's on order but no date

went over lorex with scanlan and rob, took a quick look at it for familiarity

UI Me review and screen share. Neat app

Tomorrow Hik 4K PTZ and lorex

Avatar
John Scanlan
Aug 25, 2017
IPVM • IPVMU Certified

worked on FrontRow camera report to close it out

assisted on camera class

started testing Lorex WiFi

member support

added a Dahua camera
followed up with Derek on Axis F Series cameras - they are added, but the images are not populating, will check it out tomorrow morning.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions