CVE-2018-9031

2018-03-2916:00:00

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an “if(pwd ==” line in the HTML source code. This means, in effect, that authentication occurs only on the client side.

References

gist.github.com/pabloonicarres/c2c284ca7b025d629da39087445ed15d#file-sentryvision_authentication_bypass-sh

www.youtube.com/watch?v=pLMH9vGPRCo