Uniview Weak Local / Strong Remote Password Policy Tested

By: Ethan Ace, Published on Mar 14, 2017

With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked) making devices accessible via the public Internet is risky, especially when many users fail to change default passwords or use weak passwords.

However, many users and integrators prefer to leave default passwords to simplify local setup, troubleshooting and access.

Uniview has added a feature that aims to have it both ways by blocking remote access for weak passwords. In this report, we look at this feature and analyze how well it works and what its impact could be.

**** *** ********** ********* of *****-******** ******** (*** ***** ******** ******** **********,********* ********* ******* ******* hacked) ****** ******* ********** via *** ****** ******** ** risky, ********** **** **** users **** ** ****** default ********* ** *** weak *********.

*******, **** ***** *** integrators ****** ** ***** default ********* ** ******** local *****, *************** *** access.

******* *** ***** * feature **** **** ** have ** **** **** by ******** ****** ****** for **** *********. ** this ******, ** **** at **** ******* *** ******* how **** ** ***** and **** *** ****** could **.

[***************]

Summary ****

** **** ****, *** results **** **********; **** passwords *** ** **** from *** ***, *** strong ********* *** ******** when ******** ********* **** the ***.

Device ************

**** ******* ** ******** on *** ************** ** **************.

Required / ****** ** ********

**** **** ** ** enabled ** *******, **** no *** ** ******* it. ***** ****** **** use ****** ********* ** remote ****** ** *******.

Blocked: ****** ****** **** **** *********

**** ********** ** *** in ** * ******* device **** ******* *** local ******* ***** * default ** **** ******** (see ***** *****), ***** receive **** *******:

 

*** **** ** **** ******* via *** *** *********, client ***********, ** ****** (below).

Login **** ****** ******** **

*******, **** ******* ** with * **** **** strong ***********, *** *** web ********* ***** ** normal, ***** **** **** live ***** ********* **** the ***. *** ******** in **** **** *** 9 ********** ****, **** upper *** ***** **** letters, *******, *** ******* characters.

 

Password *****

** *******'* *****, * "strong" ******** ******** ** least * **********, **** three ** *** *********: uppercase *******, ********* *******, numbers, *** ******* **********. Passwords *** ** *******, or **** *****, *** remote ****** **** ** disabled ***** **** ******* if **.

Vote / ****

Test *****

*** ******* *** *** setup ** * ****** location with **** ********** ********** for ****** ******.  ** tested ************ **** *** office *** *** ***** remote ******** **** **** the *** ********* ** well ** ******.

********:

  • ******-***-**: ********

Comments (4)

Vincent Scarpelli

03/14/17 01:06pm

This isn't bad per say but I much prefer strong passwords everywhere. And I prefer minimum 5 character user names as well. 

Decoux Guilhem

03/16/17 09:29am

As distributor from UNV I prefer strong password everywhere, but we have to keep in mind the needs from some final users, so weak password might still useful for some of them on LAN and local video output.

Undisclosed Manufacturer #1

In reply to Decoux Guilhem | 03/23/17 05:48am

Hi,Mr Guilhem DECOUX, how are you? 

Truman HW

03/04/18 05:25pm

lets just remember one password per device, no  ? 

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
CheckMySystems Company Profile on Aug 14, 2019
CheckMySystems says that too many users respond, "I get an email when something is wrong" when talking about their video system maintenance plan,...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Vivotek Trend Micro Cyber Security Camera App Tested on Jul 22, 2019
Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras. This new...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
Camera Configuration Manager Shootout - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision on May 01, 2019
Which camera manufacturer has the best management tool? We tested 6 manufacturers - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision to find...

Most Recent Industry Reports

GeoVision Presents AI and Facial Recognition on May 22, 2020
GeoVision presented its AI analytics and facial recognition at the April 2020 IPVM New Products show. Inside this report: A 30-minute video...
Density Presents Occupancy Monitoring For Coronavirus Protection on May 22, 2020
Density presented its cloud-based occupancy sensor to deal with Coronavirus at the May 2020 IPVM Startups show. Inside this report: A...
Openpath Presents Two Door PoE Controller on May 21, 2020
Openpath presented its new PoE controller at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Openpath including...
Bosch Presents MIC 7100 Extreme PTZs on May 21, 2020
Bosch presented its MIC 7100 Extreme PTZs at the April 2020 IPVM New Products show. Inside this report: A 30-minute video from Bosch...
Hikvision Chairman Targeted For Sanctions As Federal Watchdog Calls Out Hikvision "Serious Religious Freedom Violations" on May 21, 2020
The US government's religious freedom watchdog has criticized Hikvision for being "credibly implicated in serious religious freedom violations"....
Hikvision Temperature Screening Tested on May 20, 2020
Hikvision has ramped up the promotion of its 'temperature screening' system, including their salespeople arguing for no blackbody needed. But how...
Axxon Presents VMS 4.4 and AI Behavior Analytics on May 20, 2020
AxxonSoft presented its VMS 4.4 and AI behavior analytics at the April 2020 IPVM New Products show. Inside this report: A 30-minute video...
Indoor Robotics Presents Tando Aerial Drones on May 20, 2020
Indoor Robotics presented Tando indoor autonomous drones at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from...
Directory of 89 Video Surveillance Startups on May 20, 2020
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly...
FLIR Cancelling Contract With X.Labs / Feevr on May 20, 2020
While X.Labs announced the signing of a new agreement with FLIR on May 12, 2020, FLIR said, in response, on May 18, 2020, that they had cancelled a...