| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2022-29731 | 2 Jun 2022 14:15 | – | attackerkb |
| ICT Protege GX and ICT Protege WX Security Vulnerability | 2 Jun 2022 00:00 | – | cnnvd |
| CVE-2022-29731 | 27 May 2022 12:56 | – | cve |
| CVE-2022-29731 | 27 May 2022 12:56 | – | cvelist |
| EUVD-2022-34054 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2022-29731 | 2 Jun 2022 14:15 | – | nvd |
| CVE-2022-29731 | 2 Jun 2022 14:15 | – | osv |
| Design/Logic Flaw | 2 Jun 2022 14:15 | – | prion |
| CVE-2022-29731 | 23 May 2025 00:18 | – | redhatcve |

ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure
Vendor: Integrated Control Technology Ltd.
Product web page: https://www.ict.co
Affected version: GX: Ver: 2.08.1002 K1B3
                      Lib: 04.00.217
                      Int: 2.3.235.J013
                      OS: 2.0.20
                  WX: Ver: 4.00 284 H062
                      App: 02.08.766
                      Lib: 04.00.169
                      Int: 02.2.208
Summary: Protege GX is an enterprise level integrated access control, intrusion
detection and building automation solution with a feature set that is easy to
operate, simple to integrate and effortless to extend. Protege WX is an all-in-one,
web-based, cross-platform system that gives you a fully functional access control
and intrusion detection solution in a fraction of the time of conventional software.
With no software to install, setup is quick and simple. Connect the Controller and
system components, then open a web browser to launch the intuitive wizard-driven
interface which guides you through the process of configuring your system.
Desc: The application is vulnerable to improper access control that allows an
authenticated operator to disclose SHA1 password hashes (client-side) of other
users/operators.
Tested on: Microsoft-WinCE/6.00
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5700
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5700.php
08.02.2022
--
Navigate to http://CONTROLLER_IP/operator.htm
Source:
<p><label id="OperatorPassword">Password</label><input class="narrow" id="Password" readonly="" type="password" value=""/> <input class="narrow" data-multiselect="disabled" id="ButtonChangeOperatorPassword" onclick="updatePassword('operator');" style="float: right; margin-right: 23%; width: auto;" type="button" value="Change Password"/></p>
...
...
<input id="pswdsha" type="hidden" value="053e98c13fcbd7df3bf3a220088e19c867dfd4cc"/>
...
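
A defensive check for the condition shown above, added here as an example (not part of the advisory or the vendor's code): it parses a response body and flags `<input>` values that have the shape of an unsalted hex digest, such as the `pswdsha` hidden field. The function names, the hint list and the sample markup (with a placeholder digest) are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Hex-digest lengths of common unsalted hashes (hex chars -> algorithm guess).
DIGEST_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Substrings in a field id/name that suggest credential material (assumed list).
CRED_HINTS = ("pass", "pswd", "pwd", "sha", "hash", "secret")


class HiddenDigestFinder(HTMLParser):
    """Collect <input> elements whose value looks like a password digest."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        value = a.get("value", "")
        algo = DIGEST_LENGTHS.get(len(value))
        if not algo or not HEX_RE.fullmatch(value):
            return
        name = (a.get("id") or a.get("name") or "").lower()
        self.findings.append({
            "field": name,
            "type": a.get("type", "text").lower(),
            "algorithm_guess": algo,
            "credential_hint": any(h in name for h in CRED_HINTS),
            # Never log the digest itself; a short prefix is enough to triage.
            "value_prefix": value[:6] + "...",
        })


def audit_html(html_text):
    """Return one finding per <input> that carries a digest-shaped value."""
    finder = HiddenDigestFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample modelled on the operator.htm excerpt (placeholder digest).
SAMPLE = """
<p><label id="OperatorPassword">Password</label><input id="Password" type="password" value=""/></p>
<input id="pswdsha" type="hidden" value="0123456789abcdef0123456789abcdef01234567"/>
<input id="csrf" type="hidden" value="not-a-digest"/>
"""
```

Run `audit_html()` over pages captured from an authenticated session during a review; any finding with `credential_hint` set means the server is sending credential-derived data to the browser that the page does not need in order to render.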