Dahua And Hikvision Master Password Backdoor
UPDATE 2017: Dahua Backdoor Uncovered
UPDATE 2017: Hikvision Backdoor Confirmed
Hello community.
What is your opinion about possibility of local (Dahua) and remote (Hikvision) admin login without knowing the exact password of user with admin privileges? There is a possibility to generate a password knowing only the present date and just login.
The basic reason for leaving such possibility was helping users, which forgot their password. More or less 2 years ago Dahua had another way to do so, more hardware like (turn of the power, take out the battery, connect the contact and so on). Today you just need to calculate something like this:
8888 x day x month x year (last to digits)
and last 6 digits of this number as a password of 888888 user (it has admin privileges). Today it is: 8888 x 27 x 11 x 14 = 36956304 -> password: 956304. I have just checked it - it works fine.
I do not use Hikvision very often so can not check now, but as far as I know - it works exactly the same. Even more - you can use it remotely. More info here.
What is your opinion? Is it a good way? What mechanisms should be available to help user when he forgets the password?
Login to read this IPVM discussion.
*** ******* ********* ******** ******** ******* *** ************** ******** ** as *******:
*. *** ******** ******** ********* *** ******** ***** *********** **** as *** ********'* ****, *-**** *******, ******* ****, ******* ******, contact *******, ****** ****** **** *** ******* ****** **** ** device, ***.
*. ***** ********* ******** *** ************* *** ********'* ***********, ** will ******* * ****** **** **** ** ***** *** *** days.
*. **** ********* **** ********, ***** **** ** * ******** in *** **** *** (***** **** *******), *** ******** *** then **** ** *** ****** **** *** ***** *** ******** of *** ************** *******.
**** ******** ******** ******* *** **** ** *** ****** *** Local **** *******. ** ******** ******-******** *********** **** *** **** be ******** ****** *** ***, *** ** ******** **** *** secure **** ********* ** ********* ** ******** ***** *** **** tool ****** *** ***.
*** ***** *** ** ******** *** **** *************. ***** **** remarks **** *********?
******
***** ******** *** *********:
"** *** ***** *** ************* ******** *** **** ******** ******, *** ******** *** **** to *** *********." *** **** "************* *** ***** ***** ** *** ********* *** ***** ***** generation ********."
* ******** ** **** **** ****** *** **** ******* ** which *** *** ** ***. *******, ** ******* **** **** existing ********* *** ** ********. * **** **** **** *** more ***** ** *** ** *** *** **** ***********.
*******, ** ******* **** **** ******** ********* *** ** ********.
*******. * ***** **** ** ***** ** **% ** *** moment ;-) .
* ***** ******* ***** ****. ******* ********** *** *** ****** which *** **** ** ****** ********'* **** *******. *** **** alternated ****** *** ****** *****'* **** ***** *** ********* ** public ** ******* *** **** * ******* ****** *** ** them (*** *** ********* ****** ** ****), ** * ****** user *** ***% ******** ********* ***** ** * ***** :-) . ************* *** **** *** ******* ****** *** *******.
********* *** *** **** *******, *** ** *** ** * know **** ******* ******** *** ******** ***** ****** **** *****.
* ****** ***** **** ***** *** ******* ****** ******* **** more **** ***** ** ** **** *********.
******
* ***** **** ****** ** **** ** ****** *** ****** password **** *** ** ****** ********** ** * *** *******. I ******* **** *** ****** **** *) ******** ******, **** as * ***** ******, *** *) **** ** ****** **** all ********. **** ***, * ****** ****** ******** *** ******* can't *** **, *** *** **** *** ****** ***** *** device **** ********* ****** **** *** ******** **** **** *****.
****** * **** **** ** **** ** *** ** ****** a *************...
****://***.******.***/*****/***********/****/**/**/****-*******-****-*****-******-**-*****-*****-******-*****/
** *** ******** ********* **** *** **** *** ****, ** the ***** ** *** **** *** *** *** ** ****. I **** **** ******* **** *** *** ** * *** or ***** ** *****... ** *** ********* **** *** ****** number, **** ******* *** ***** **** ******** ****** ** *** device.
**** * ******** ******* ** **** *** *** ** *** wild, *** *** ** ****. * ********* ** *** ***** hand **** ** ********** ** *** ************, *** **** *** time/date ** **** ** "*******" *** *** ******* ** ****** with *** ********* **, ***. **** ** ******, *** *** great...
* ***** **** ** *** ***** **** (** ***** ********************* * *** ****************).
********** (***** * ***** *** ******* ********* ******** ** *** DVR) ****** ** *** ********, *** *** *** *********, ***** 888888 ** *** **** *** ****** (******** ********* **** *****'* date).
****** *****, *** *** *** ********* ** *** ********, *** not **** *** ******.
** ** **** * ******** ****? ***. ****** **** * calculator *** ***** ****** ** * *** *** *** **.
*******, *********** *** **** ** ** ********** ** *** ***, with * ***** *** ******* ********, ** ** **** **** of * ******** **** **** ** ***** ** ** ** were ******* ********. **** **** ** *** **** ***** ** keyboard ********, **** ***** ********* **** **** *** *** *** interface ** ****** ********.
Newest Discussions
| Discussion | Posts | Latest |
|---|---|---|
|
Started by
Jay Hobdy
|
10
|
3 minutes by Joshua Hendricks |
|
Started by
Skip Cusack
|
6
|
21 minutes by Damon Tarquinio |
|
Started by
Undisclosed Manufacturer #1
|
12
|
11 minutes by Undisclosed Manufacturer #1 |
|
Started by
Jon Dillabaugh
|
5
|
about 8 hours by Undisclosed Manufacturer #2 |
|
Started by
John Honovich
|
12
|
less than a minute by Undisclosed Manufacturer #5 |
*** ********* ********** ****** **** *** **** ** **** *** device's ****** ******, ***** ****** ****** *** ******* ** **** into ****** *******. **** ** **** ********* **** **** *** are ******** *** ***** (*** ****** ****** *********).
* **** ********* **** ** ***** *** ********* *** *******.