Uniview Weak Local / Strong Remote Password Policy Tested

By Ethan Ace, Published Mar 14, 2017, 04:58am EDT

With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked) making devices accessible via the public Internet is risky, especially when many users fail to change default passwords or use weak passwords.

However, many users and integrators prefer to leave default passwords to simplify local setup, troubleshooting and access.

Uniview has added a feature that aims to have it both ways by blocking remote access for weak passwords. In this report, we look at this feature and analyze how well it works and what its impact could be.

Summary ****

** **** ****, *** results **** **********; **** passwords *** ** **** from *** ***, *** strong ********* *** ******** when ******** ********* **** the ***.

Device ************

**** ******* ** ******** on *** ************** ** **************.

Required / ****** ** ********

**** **** ** ** enabled ** *******, **** no *** ** ******* it. ***** ****** **** use ****** ********* ** remote ****** ** *******.

Blocked: ****** ****** **** **** *********

**** ********** ** *** in ** * ******* device **** ******* *** local ******* ***** * default ** **** ******** (see ***** *****), ***** receive **** *******:

 

*** **** ** **** ******* via *** *** *********, client ***********, ** ****** (below).

Login **** ****** ******** **

*******, **** ******* ** with * **** **** strong ***********, *** *** web ********* ***** ** normal, ***** **** **** live ***** ********* **** the ***. *** ******** in **** **** *** 9 ********** ****, **** upper *** ***** **** letters, *******, *** ******* characters.

 

Password *****

** *******'* *****, * "strong" ******** ******** ** least * **********, **** three ** *** *********: uppercase *******, ********* *******, numbers, *** ******* **********. Passwords *** ** *******, or **** *****, *** remote ****** **** ** disabled ***** **** ******* if **.

Vote / ****

Test *****

*** ******* *** *** setup ** * ****** location with **** ********** ********** for ****** ******.  ** tested ************ **** *** office *** *** ***** remote ******** **** **** the *** ********* ** well ** ******.

********:

  • ******-***-**: ********

Comments (4)

Vincent Scarpelli

03/14/17 01:06pm

This isn't bad per say but I much prefer strong passwords everywhere. And I prefer minimum 5 character user names as well. 

Avatar

Decoux Guilhem

03/16/17 09:29am

As distributor from UNV I prefer strong password everywhere, but we have to keep in mind the needs from some final users, so weak password might still useful for some of them on LAN and local video output.

Undisclosed Manufacturer #1

In reply to Decoux Guilhem | 03/23/17 05:48am

Hi,Mr Guilhem DECOUX, how are you? 

Truman HW

03/04/18 05:25pm

lets just remember one password per device, no  ? 

Read this IPVM report for free.

This article is part of IPVM's 6,810 reports, 914 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports