Milestone Entry Level Mobile Password Vulnerability Disclosed

By Brian Karas, Published May 24, 2017, 01:45pm EDT

While many manufacturers have only addressed cybersecurity vulnerabilities after public disclosures were made (or threatened), Milestone has proactively identified and resolved a vulnerability that could allow unauthorized remote access to camera feeds. The company recently notified partners of a potential vulnerability in default installations, including how to close the vulnerability to prevent unauthorized camera viewing.

Additional details of the vulnerability, and mitigation steps, are in this report.

Vulnerability *******

*** ********* ******** ******* * ******* "admin" **** **** * ******* ******** that ** ******* ****** ************:

  • ******** ******* *.** ** **** **
  • ******** ********* *.** ** **** **
  • ******** ** *** ******** (*** ************)

**** **** *** ****** *** ****** end ******** **** ** **********, *********, Advanced, ***.

*** ******* ******* *** ********* ******* to **** ** ****** *** ***** to *** ** *** *******, ********* to *********.

Milestone ************ *****

** *********** **** ***** ** ********, Milestone **** *** ********* ***** ********** the ************* ** ******:

Mobile ****** / ****** ****** ******* ****** 

**** ************* ** ************ ********** ** cases ***** *** ******** ****** *** remote ****** *******, ****** *** *********'* mobile ******, ** *** *** ******** SmartClient. ** ***** *********, * ****** person ***** ******* *** ******* *********** to **** **** ** ******** *****, potentially ******** ********* ****/******* ** *** location ** ************ *******.

Closing *** *************

********* ********** *** ********** ** ***** this *************:

  • ****** *** ******* ***** **** ** change ******** ** ********* ******
  • ****** ** **** ** *******, ***** removes *** ******* *******. **** ******* **** be ********* **** *, ****. 

XProtect ************ / ********** ********* ** ** ********

******* ************* ** ***** ******** ** XProtect ** *** **** **** *****, according ** *********, *** ** ***** upgraded ** ******** ****** ** * higher *******, *** ******* **** ***** have ******** ** *****, ******** ***** upgraded ******* ** *** **** *************. In ***** *****, *** ******* ******* should ** ******* ** **** *** password *******.

Default **** ******* ******

********* ****** **** **** ******* **** has "*****" / ******* ******, *** would *** ** **** ** ********** the ***.

Severity ********

*** ************* ** ********** *** **** compared ** ***** ****** ************ ************* issues, **** ** ***** **** ***************, ** *********. * ******* ********** ** **** this ************* ** ****** ****** ** deleting *** ******* ****, ** ******** its ********, ********* ***** **** ********-********* users **** ****** ******* ****, ** the ******* *** *** ****** ** secret ** *** ***. *******, **** account *** *** **** ***** ******, limiting ** ********* ** ******* *****, unable ** ***** ******** ** ****** malicious **** ** *** ******.

No ***** ***** ******* *********

***** *** ** ***** ***** ******* passwords ** ********* ******** ********* ** Milestone.

Proper ******** ** *********

*********** ********** **** *****, *** ******* communicating *** ****** *** ******* ** address *** *************, ****** ******* *************'* ******* ******** ********** ***** ***********.*** ********** ******* **** ********** ** an **** *************** ** ****:

**** ***** ** ** ***** ***** explains ****** ... *** ** ** the ***** ************ **** *** **** out *** **** *** ***** ** acknowledge * ********* ******* **** **** made.

Comments (1)

Thank you Milestone!  You just set the bar for everyone else.

Agree: 17
Funny: 1