Uniview Weak Local / Strong Remote Password Policy Tested

By: Ethan Ace, Published on Mar 14, 2017

With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked) making devices accessible via the public Internet is risky, especially when many users fail to change default passwords or use weak passwords.

However, many users and integrators prefer to leave default passwords to simplify local setup, troubleshooting and access.

Uniview has added a feature that aims to have it both ways by blocking remote access for weak passwords. In this report, we look at this feature and analyze how well it works and what its impact could be.

**** *** ********** ********* of *****-******** ******** (*** ***** ******** ******** **********,********* ********* ******* ******* hacked) ****** ******* ********** via *** ****** ******** ** risky, ********** **** **** users **** ** ****** default ********* ** *** weak *********.

*******, **** ***** *** integrators ****** ** ***** default ********* ** ******** local *****, *************** *** access.

******* *** ***** * feature **** **** ** have ** **** **** by ******** ****** ****** for **** *********. ** this ******, ** **** at **** ******* *** ******* how **** ** ***** and **** *** ****** could **.

[***************]

Summary ****

** **** ****, *** results **** **********; **** passwords *** ** **** from *** ***, *** strong ********* *** ******** when ******** ********* **** the ***.

Device ************

**** ******* ** ******** on *** ************** ** **************.

Required / ****** ** ********

**** **** ** ** enabled ** *******, **** no *** ** ******* it. ***** ****** **** use ****** ********* ** remote ****** ** *******.

Blocked: ****** ****** **** **** *********

**** ********** ** *** in ** * ******* device **** ******* *** local ******* ***** * default ** **** ******** (see ***** *****), ***** receive **** *******:

 

*** **** ** **** ******* via *** *** *********, client ***********, ** ****** (below).

Login **** ****** ******** **

*******, **** ******* ** with * **** **** strong ***********, *** *** web ********* ***** ** normal, ***** **** **** live ***** ********* **** the ***. *** ******** in **** **** *** 9 ********** ****, **** upper *** ***** **** letters, *******, *** ******* characters.

 

Password *****

** *******'* *****, * "strong" ******** ******** ** least * **********, **** three ** *** *********: uppercase *******, ********* *******, numbers, *** ******* **********. Passwords *** ** *******, or **** *****, *** remote ****** **** ** disabled ***** **** ******* if **.

Vote / ****

Test *****

*** ******* *** *** setup ** * ****** location with **** ********** ********** for ****** ******.  ** tested ************ **** *** office *** *** ***** remote ******** **** **** the *** ********* ** well ** ******.

********:

  • ******-***-**: ********

Comments (4)

Vincent Scarpelli

03/14/17 01:06pm

This isn't bad per say but I much prefer strong passwords everywhere. And I prefer minimum 5 character user names as well. 

Decoux Guilhem

03/16/17 09:29am

As distributor from UNV I prefer strong password everywhere, but we have to keep in mind the needs from some final users, so weak password might still useful for some of them on LAN and local video output.

Undisclosed Manufacturer #1

In reply to Decoux Guilhem | 03/23/17 05:48am

Hi,Mr Guilhem DECOUX, how are you? 

Truman HW

03/04/18 05:25pm

lets just remember one password per device, no  ? 

Read this IPVM report for free.

This article is part of IPVM's 6,435 reports, 865 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Breaking Into A Facility Using Canned Air Tested on Jan 28, 2020
Access control is supposed to make doors more secure, but a $5 can of...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
Vehicle Gate Access Control Guide on Mar 19, 2020
Vehicle gate access control demands integrating various systems to keep...
Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
Help Security End Users Facing Coronavirus Improve Remote Access on Mar 24, 2020
Many end-users and integrators are struggling with the impact of coronavirus...
Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door...
Delayed Egress Access Control Tutorial on Feb 04, 2020
Delayed Egress marks one of the few times locking people into a building is...
Facial Recognition 101 on Mar 18, 2020
Facial recognition interest, use and fear is increasing. This guide aims to...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
The Insecure Verkada Access Control System on Jun 25, 2020
While Verkada touts the security of its system and that how their new door...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
ZKTeco Presents SpeedFace Recognition + Body Temperature Detection on Apr 21, 2020
ZKTeco presented its SF1008+ reader with body temperature and face mask...

Recent Reports

SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...
ADI Returns To Growth, Back To 'Pre-COVID Levels' on Aug 05, 2020
While ADI was hit hard in April, with revenue declining 21%, the company's...
Exposing Fever Tablet Suppliers and 40+ Relabelers on Aug 05, 2020
IPVM has found 40+ USA and EU companies relabeling fever tablets designed,...
Indian Government Restricts PRC Manufacturers From Public Projects on Aug 04, 2020
In a move that mirrors the U.S. government’s ban on Dahua and Hikvision...
Directory of 200 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Loses Australian Medical Device Approval on Aug 04, 2020
Dahua has cancelled its medical device registration after "discussions" with...
Google Invests in ADT, ADT Stock Soars on Aug 03, 2020
Google has announced a $450 million investment in the Florida-based security...
US Startup Fever Inspect Examined on Aug 03, 2020
Undoubtedly late to fever cameras, this US company, Fever Inspect, led by a...
Motorola Solutions Acquires Pelco on Aug 03, 2020
Motorola Solutions has acquired Pelco, pledging to bring blue back and make...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Access Control Online Show July 2020 - On-Demand Recording of 45+ Manufacturers Presentations on Jul 30, 2020
The show featured 48 Access Control presentations, all now recorded and...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...