Hikvision VMS Password Recovery Vulnerability - Emailing Admin Passwords In Plain Text

********* ****-**** ******* **** a ************* **** ****** anyone *****, ******* **************, to ******** * **** that ********* **** ******* by ******** *** ***** password ** ***** ****.

**** ** ********* **** the********* ******** ******* ******** codes. ******* ** ** for *** ****-****, ********** this ************* ***** ******* access ** *** ******* connected ** *** ****-**** including ********* ******* *** recorders, ** **** ** any *** ***** ******* connected ******* ***** *********.

** **** ****** ** detail *** *************, ********** how ** *** ** exploited *** *** ******** problems *******.

[***************]

iVMS-4200 ******** *************

*** ****-**** ****** ******** a "****** ********" ******:

******** "****** ********" ******* an "********* ******", ***** can ** ******* ** Hikvision ******* *** ******** recovery [**** ** ****** available]:

****** ** **** ** 'contact **** ******', ********* support ******* ***** ********* to ** ******* *** attempt ** ************** ** verification.

***** * ***** ****** (~30 ******* ** *** example), ********* ******* ****** the ****-**** ******'* ***** password ** ***** ****:

Multiple ******** *****

***** *** * *** security *****:

• ** ************** *** ************
• *** ****'* ******** ** emailed **** ** ***** text
• ** ***** ** ******
• ******* *********
• *********** ********* *** ** cracked

No ************** *** ************

****** *** *** **** up ** * ******** with ****-**** ******** *** get *** ***** ******** directly. ***** ** ** email, ***** ****** ** any ***** ******* ** verify ** ************ *** requester ** **********. **** is ****** *** ****** universally ******* *******.

Plain **** ********

******** *** ******** ** plain **** ** ******* violation ** ***** ******** practices, **** ***** ***** that ******** **** *** change ** **** ***. Anyone *** *** ****** to **** *****, ****** on *** ******** ** sender's **** *** *** the ***** ******** *** the ******.

No ***** ** ******

**** ******** ******** ******* from ********* ******* **** more **** **** ******** password ******, ** ** provides *** ****** ***** password ** ** ************ person. **** ******** ***** functions, *** ***** ******** gets ***** ** * new *****, ******** ******** legitimate ***** **** ********* may ** ***** **** their ******** ***** *******.

Reusing *********

***** ******* ********* ****** devices ** *** ********, it ** ******. ** the ****** *** ***** the ****-**** *********** **** the **** ***** ******** on ***** ******* ** applications, *** ******** *** has *** ***** ******** to * ******* ** devices. **** ** *** iVMS-4200 ***** ******** ** unique, ********* *** ********* password *** ******* ***** into *** *** **** chooses *********, ****** ** easier ** **** ************ access ** ***** *******.

Recoverable ********* *** ** *******

*********'* '********* ******' *** the ******** *** ** cracked. ** *********** ******** analyst *** **** ** determine *** ********* ******* about *** ******* ****** a *** *****:

*** ***** ******** ** encrypted **** *** ** ECB ****, *** ** then ****** *******, ******* adding "***" *** "***". This ** *********** *** the **** ** ******* and ******** **** ******* passphrases. *** ** *** mode ** *********** ** a ********* ******** ******, allowing ** ******** ** determine *** *********, ******, and ******* ****** *** ciphertext. ** * ******, the ******** ***** ** able ** ********* *** key/password **** *** ********** and ***** **** ******* the **** *********.

** *********'* ******** ********** scheme **** *******, ********* could ** ******** ******* the **** ** ******* Hikvision *******, ****** ** even ****** *** ****** for ****-**** ******* ** be ***********.

Risk ** ********** ** ******** ********* *************

*** ***** ***** ******** users ***** *** **** PC/iVMS-4200 ************, ** ** effectively ********** ** ******** secure *** ******** **** lower-level ***** ********* *** admin ******** "********* ******" and ******* ** ** Hikvision ******* ** ******** the ***** ********.

********* *** ****** ********** user ********, ****** ** enterprises *** ****** *************, therefore ***** ********** ** risk ** ********* ********** admin ********* ******* **** vulnerability.

Hikvision

**** ***** ********* ** passwords *** ***** *********/******** were ****** ** * similar ****** ***** ********* passwords *** ***********, *** there ** * *** for ***** ** ******* the ******** ******** ** iVMS-4200. ********* *** *********** receipt ** *** *********, but *** *** ***** a ********, ** ************ when * ******** ***** be ********.

******

***** ********* *** *** respond ** *** ***** (sent ****** ****), **** released * "******* ********" and ******* ******* ** iVMS-4200 ***** (****** ****):

Mitigating ******** ******** ****

******* ********* ***** ** so **** *** ** unauthorized **** ** ******** an ****-**** ***** ********, users ** *** *********** need ** ******* ******* unauthorized ****** ** *** application. ****** ****** **** a **** ***** ******** and ******** ****** *********** should ** **** ** prevent ************ ***** **** launching *** *** *** retrieving *** ******** ***** code.

Hikvsion **** ******** ********

****** ********* ****** ** "understand *** ********** ** information ********" [**** ** longer *********], ***** ******* continually ***** *********. *************** have **** ***** ***********'* ****** ***,***** ********,*******/*********, *** *** ** application. ***** ********** *************** show **** *** ******* does *** ***** *********** security/cyber ******** ** * top ********, ****** * responsive ******* ** ********* approach ** ******** *********** security. ** ** ****** likely **** ***** ******* lines, **** ** ****** control ** *********, **** similar *************** **** *** customers ** ****. ***** of ********* ******** ** software ****** ******** ***** products **********, *** *** appropriate ******* ** ******* against ******** *** ******** exploit *************.