Uniview Weak Local / Strong Remote Password Policy Tested

By Ethan Ace, Published Mar 14, 2017, 04:58am EDT

With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked) making devices accessible via the public Internet is risky, especially when many users fail to change default passwords or use weak passwords.

However, many users and integrators prefer to leave default passwords to simplify local setup, troubleshooting and access.

Uniview has added a feature that aims to have it both ways by blocking remote access for weak passwords. In this report, we look at this feature and analyze how well it works and what its impact could be.

Summary ****

** **** ****, *** results **** **********; **** passwords *** ** **** from *** ***, *** strong ********* *** ******** when ******** ********* **** the ***.

Device ************

**** ******* ** ******** on *** ************** ** **************.

Required / ****** ** ********

**** **** ** ** enabled ** *******, **** no *** ** ******* it. ***** ****** **** use ****** ********* ** remote ****** ** *******.

Blocked: ****** ****** **** **** *********

**** ********** ** *** in ** * ******* device **** ******* *** local ******* ***** * default ** **** ******** (see ***** *****), ***** receive **** *******:

 

*** **** ** **** ******* via *** *** *********, client ***********, ** ****** (below).

Login **** ****** ******** **

*******, **** ******* ** with * **** **** strong ***********, *** *** web ********* ***** ** normal, ***** **** **** live ***** ********* **** the ***. *** ******** in **** **** *** 9 ********** ****, **** upper *** ***** **** letters, *******, *** ******* characters.

 

Password *****

** *******'* *****, * "strong" ******** ******** ** least * **********, **** three ** *** *********: uppercase *******, ********* *******, numbers, *** ******* **********. Passwords *** ** *******, or **** *****, *** remote ****** **** ** disabled ***** **** ******* if **.

Vote / ****

Test *****

*** ******* *** *** setup ** * ****** location with **** ********** ********** for ****** ******.  ** tested ************ **** *** office *** *** ***** remote ******** **** **** the *** ********* ** well ** ******.

********:

  • ******-***-**: ********

Comments (4)

This isn't bad per say but I much prefer strong passwords everywhere. And I prefer minimum 5 character user names as well. 

Agree
Disagree: 2
Informative
Unhelpful
Funny

As distributor from UNV I prefer strong password everywhere, but we have to keep in mind the needs from some final users, so weak password might still useful for some of them on LAN and local video output.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

Hi,Mr Guilhem DECOUX, how are you? 

Agree
Disagree
Informative
Unhelpful
Funny

lets just remember one password per device, no  ? 

Agree
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 7,008 reports, 931 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports