Claimed Security Vulnerability in Axis, Aimetis and Milestone VMSes
Author: John Honovich, Published on Nov 09, 2015Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.
Related Reports on VMS
Stolen Video NVR / DVR Statistics
on Aug 15, 2017
"But what happens if someone steals my recorder?"
Anyone who has done more than a handful of jobs has probably heard this question several times....
IP Camera Specification / RFP Guide 2017
on Aug 14, 2017
RFPs are hard.
Do them 'right' and it takes a lot of knowledge and time.
Do them 'wrong' and you can be (a) unwittingly locked into a specific...
Briefcam New Outsider CEO Promises Exponential Growth
on Jul 31, 2017
Briefcam is now nearly a decade old, having raised over $20 million, to improve investigations and review of video. The company has remained a...
Canon Sues Avigilon
on Jul 27, 2017
Canon, owner of Axis and Milestone, has sued Avigilon for patent infringement in US court.
This is a highly atypical move for Canon, pitting 3 of...
Sports Stadium Security Design Recommendations
on Jul 24, 2017
Sports stadiums pose many challenges for designing security systems. The facilities vary from being mostly vacant, to packed with tens of thousands...
Genetec Mission Control Tested
on Jul 13, 2017
Genetec continues to move up market with their Mission Control, "Decision Support System", bringing PSIM-like procedures and incident management to...
OnSSI Gets $16 Million Funding
on Jul 11, 2017
OnSSI has had a rollercoaster past few years. Between acquiring VMS company Seetec, breaking up with former OEM partner Milestone and a rocky...
ONVIF Widely Used Toolkit gSOAP Vulnerability Discovered
on Jul 10, 2017
A vulnerability has been discovered in a toolkit that video surveillance manufacturers widely use for implementing ONVIF.
In this report, we...
H.265 / HEVC Codec Tutorial 2017
on Jun 30, 2017
For years, video surveillance professionals have talked about the potential for H.265.
Now, in 2017, H.265 is starting to gain mainstream...
Hikvision H.265+ Tested
on Jun 27, 2017
Hikvision, which in the past few years released H.264+ (see test results) has now released H.265+, that claims even greater bandwidth savings.
We...
Most Recent Industry Reports
Save $50 - IP Networking Course September 2017
on Aug 16, 2017
Tomorrow, Thursday, August 17th is the last day to save $50 on the September IP Networking Course.
This is the only networking course designed...
Hikvision Responds To Cracked Security Codes
on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Stolen Video NVR / DVR Statistics
on Aug 15, 2017
"But what happens if someone steals my recorder?"
Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales
on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition.
In...
Axis Laser Focus PTZ Tested
on Aug 14, 2017
Axis has been touting its new Q6155-E laser focus PTZ as 'always in focus' and 'always in color'.
Does it really deliver?
We bought and tested...
Vulnerability Directory For Access Control Cards
on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
IP Camera Specification / RFP Guide 2017
on Aug 14, 2017
RFPs are hard.
Do them 'right' and it takes a lot of knowledge and time.
Do them 'wrong' and you can be (a) unwittingly locked into a specific...
Cellphone Usage Issues For Integrators (Statistics)
on Aug 11, 2017
Cellphones clearly offer significant advantages in communication and problem solving.
But they can also be a major pain point if employees...
Rebooting IP Camera Statistics And Practices
on Aug 10, 2017
Dahua cameras automatically reboot weekly, by default.
Is this an innovation by the Chinese mega-manufacturer or a sign of a problems?
125...
Avigilon Profits Surge, Stock Jumps (Q2 2017)
on Aug 10, 2017
Avigilon said earlier this year they would shift their strategy to maximizing profits.
Now, they are delivering it and the stock market is...
The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.
Comments (18)
Undisclosed Integrator #1
***** **** ** ******, *** *******'* ** ********* ** ** such * *** *** ****'* ***** * *** **** *** internet, * **** ********** ** **** *** ******** ***.
Create New Topic
Undisclosed Manufacturer #3
**** ******* ***** *** ** ******* ****** **************, ** ******* to ******** ******/***** ** **** ** *********. * ***** *** trick, ** **** *** *** ***** ** **** * ******* to ******* *** ** ****** **************, *** ** **** *** connectin ********* - ** ** ******'* **** **** **** ** basic **************.
***** ***.** *** ** ********* *** ******* * *********** *** the ****** ** ***** ** ** ** *** ******* *** then *** ** ***** **. **** ***** **** ****** * 3rd ***** ***'* ******** **** *** ************...
Create New Topic
Justin Schorn
*’* *** ******* ******* *** ******* ******** ***.
***** *** ******** ************* ********* ** ********* * ******* ***** and ******** ****** ** *** *** ** ***** *** *** and ******* *** *********, *******’ ****** ****** **** (**-**), ******** last ****, ********* **** *****. ******* **-** *** *** ************ Release ***** *** ********* **** ************** *** ** *** ************ *** *********. **** **** ****** prevents ********* ******* ********* ***** ** *********** *** **** ************** downgrade.
******* ***** *** ********* ******** ****** ********* *** ***** **** these ******* ** * ********* *** *********** ******. ** ******** to ********* **** ******** *****, ******* ************** ************ *** ******* **** ******* ************ *** ***** ********** ***** with ********* ******* *******. ** **** *********** ****** *** ******* certified ************ *** ********* ******** ***** *** ******** ******** ********** of *** ****** *** **** *** **.
Create New Topic
Undisclosed #2
**** ** * **** *********** *** ***** ********* *.* ** shine **** *********!
*** ****** ** ******** *****?
Create New Topic
John Honovich
******* ******** * ********* **** ******** ******* ** **** *****:
**** ******* ******** *** ** ********** ***** ************** *** *** HTTP *** **** ********* ** ******* ******* ********** ******** (***) spoofing ******* ******* *** ******** *** * ******.
**** ******* ******** *** ** ********** ***** ************** **** ** HTTPS ********** **** ** ***** **** *** * ******.
Create New Topic
Ryan Twitchell
**** ** **** ********* ** ***** ***** ** *******:*****://***.**********.***/****/***-**-***-******-***-***-********-*********-******
* ******** **** **** *** *****'* ******** *** ***** ************** as * *** ** ******* **** *** *****.
**;**: ** *** **** ** ********* ********** (********* *****) ** otherwise *** ******* ************ ** **** **** *******, ***** ************** can ** * **** *****. ** *** *** ***** **** HTTP *** *** ******* **** ******* ******* *********, **** ****** authentication***** *** *** ** **.
**** ** ** *** ** **** ****** ******** ** ********* (and ***** ** ****** ** ********* * ****** **** ******) and *** *** ** ********** ** *** ********:
****** ************** *** * ***** *******. *** ** *** ****** authentication *****, ** ********* ******** *** ****** ** ***** **** password ** **** ** ***** ** ************ ***. ***** **************, however, ****** *** ****** ** **** **** * **** (* "fingerprint") ** *** ********. ******* **** *** **** ***** ** more ********* *** ****** ********* *** ****** (** ******) ** discover **** ********. *** ******* **** ***** *** ***** ******** (like *** **** ****** **** ** ****) **** **** **** available ** ****** *** ***** ****** ** *** ******. ***** passwords *** ****** * ***, **** **** ** ****** *** have * ****** ******.
***, ***** **** ***** **** ******** **** *** ****. *** kind ** ********** *** ******* ********* ***********, *** ************ **** HTTPS *** *** *** ******** ** ******* **** *********** **** used ********, *** **** **** ** ** **** **** ***** vulnerabilities.
* ****** **** ** ****** ********** ********* ** ******* **** right *** (** *** ********), *** ****** ********** ****** ** able ** ******* **** **** * ****** ********.
Create New Topic
Ryan Twitchell
* *** ******* ***** ** **** *** ********, *** * quick **** ** *** *** ***** **** *** *** ******* for **** *****. ** **** ** ******* ********** *** *** to ***** ******* ****** ************** **** ** ***** ********* **** basic ************** ** *** ****** ** ** *******.
* ***** *** ***** **** ***** *******, ****** ** ******* that ****** **** ******* ************ ** *** *** *********. * do *** ******* ******* * ******** ***** ** *** *** digest ** ********** **** ** ****** *****, *** ** ******** in ********* ******* ******* *** ************. *** ********* ** **** digest **************, * ****** ***** ***** ********* **** *** **** algorithm (**** ** ******) *** ** **** ** *** ***** auth.
Create New Topic
John Honovich
****: ********* ******** **** *** ***** ** **** *****, ** are ******** * ********. *** ***** **** **** ***** ******* sooner ** **** ********.
Create New Topic