Dahua And Hikvision Master Password Backdoor
UPDATE 2017: Dahua Backdoor Uncovered
UPDATE 2017: Hikvision Backdoor Confirmed
Hello community.
What is your opinion about possibility of local (Dahua) and remote (Hikvision) admin login without knowing the exact password of user with admin privileges? There is a possibility to generate a password knowing only the present date and just login.
The basic reason for leaving such possibility was helping users, which forgot their password. More or less 2 years ago Dahua had another way to do so, more hardware like (turn of the power, take out the battery, connect the contact and so on). Today you just need to calculate something like this:
8888 x day x month x year (last to digits)
and last 6 digits of this number as a password of 888888 user (it has admin privileges). Today it is: 8888 x 27 x 11 x 14 = 36956304 -> password: 956304. I have just checked it - it works fine.
I do not use Hikvision very often so can not check now, but as far as I know - it works exactly the same. Even more - you can use it remotely. More info here.
What is your opinion? Is it a good way? What mechanisms should be available to help user when he forgets the password?
Login to read this IPVM discussion.
*** ******* ********* ******** ******** ******* *** ************** ******** ** as *******:
*. *** ******** ******** ********* *** ******** ***** *********** **** as *** ********'* ****, *-**** *******, ******* ****, ******* ******, contact *******, ****** ****** **** *** ******* ****** **** ** device, ***.
*. ***** ********* ******** *** ************* *** ********'* ***********, ** will ******* * ****** **** **** ** ***** *** *** days.
*. **** ********* **** ********, ***** **** ** * ******** in *** **** *** (***** **** *******), *** ******** *** then **** ** *** ****** **** *** ***** *** ******** of *** ************** *******.
**** ******** ******** ******* *** **** ** *** ****** *** Local **** *******. ** ******** ******-******** *********** **** *** **** be ******** ****** *** ***, *** ** ******** **** *** secure **** ********* ** ********* ** ******** ***** *** **** tool ****** *** ***.
*** ***** *** ** ******** *** **** *************. ***** **** remarks **** *********?
******
***** ******** *** *********:
"** *** ***** *** ************* ******** *** **** ******** ******, *** ******** *** **** to *** *********." *** **** "************* *** ***** ***** ** *** ********* *** ***** ***** generation ********."
* ******** ** **** **** ****** *** **** ******* ** which *** *** ** ***. *******, ** ******* **** **** existing ********* *** ** ********. * **** **** **** *** more ***** ** *** ** *** *** **** ***********.
*******, ** ******* **** **** ******** ********* *** ** ********.
*******. * ***** **** ** ***** ** **% ** *** moment ;-) .
* ***** ******* ***** ****. ******* ********** *** *** ****** which *** **** ** ****** ********'* **** *******. *** **** alternated ****** *** ****** *****'* **** ***** *** ********* ** public ** ******* *** **** * ******* ****** *** ** them (*** *** ********* ****** ** ****), ** * ****** user *** ***% ******** ********* ***** ** * ***** :-) . ************* *** **** *** ******* ****** *** *******.
********* *** *** **** *******, *** ** *** ** * know **** ******* ******** *** ******** ***** ****** **** *****.
* ****** ***** **** ***** *** ******* ****** ******* **** more **** ***** ** ** **** *********.
******
* ***** **** ****** ** **** ** ****** *** ****** password **** *** ** ****** ********** ** * *** *******. I ******* **** *** ****** **** *) ******** ******, **** as * ***** ******, *** *) **** ** ****** **** all ********. **** ***, * ****** ****** ******** *** ******* can't *** **, *** *** **** *** ****** ***** *** device **** ********* ****** **** *** ******** **** **** *****.
****** * **** **** ** **** ** *** ** ****** a *************...
****://***.******.***/*****/***********/****/**/**/****-*******-****-*****-******-**-*****-*****-******-*****/
** *** ******** ********* **** *** **** *** ****, ** the ***** ** *** **** *** *** *** ** ****. I **** **** ******* **** *** *** ** * *** or ***** ** *****... ** *** ********* **** *** ****** number, **** ******* *** ***** **** ******** ****** ** *** device.
**** * ******** ******* ** **** *** *** ** *** wild, *** *** ** ****. * ********* ** *** ***** hand **** ** ********** ** *** ************, *** **** *** time/date ** **** ** "*******" *** *** ******* ** ****** with *** ********* **, ***. **** ** ******, *** *** great...
* ***** **** ** *** ***** **** (** ***** ********************* * *** ****************).
********** (***** * ***** *** ******* ********* ******** ** *** DVR) ****** ** *** ********, *** *** *** *********, ***** 888888 ** *** **** *** ****** (******** ********* **** *****'* date).
****** *****, *** *** *** ********* ** *** ********, *** not **** *** ******.
** ** **** * ******** ****? ***. ****** **** * calculator *** ***** ****** ** * *** *** *** **.
*******, *********** *** **** ** ** ********** ** *** ***, with * ***** *** ******* ********, ** ** **** **** of * ******** **** **** ** ***** ** ** ** were ******* ********. **** **** ** *** **** ***** ** keyboard ********, **** ***** ********* **** **** *** *** *** interface ** ****** ********.
Newest Discussions
| Discussion | Posts | Latest |
|---|---|---|
|
Started by
John Honovich
|
3
|
less than a minute by Undisclosed #1 |
|
Started by
Undisclosed Integrator #1
|
11
|
less than a minute by Ashley Schofield |
|
Started by
Undisclosed Integrator #1
|
1
|
about 1 hour by Undisclosed Integrator #1 |
|
Started by
Undisclosed #1
|
5
|
about 6 hours by Undisclosed #1 |
|
Started by
John Honovich
|
9
|
about 5 hours by John Honovich |
*** ********* ********** ****** **** *** **** ** **** *** device's ****** ******, ***** ****** ****** *** ******* ** **** into ****** *******. **** ** **** ********* **** **** *** are ******** *** ***** (*** ****** ****** *********).
* **** ********* **** ** ***** *** ********* *** *******.