Multiple vulnerabilities in IDenticard PremiSys



Published: 2019-01-15
Risk: Low
Patch available: NO
Number of vulnerabilities: 4
CVE-ID: CVE-2019-3906, CVE-2019-3907, CVE-2019-3908, CVE-2019-3909
CWE-ID: CWE-798, CWE-200, CWE-259
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: PremiSys (Client/Desktop applications / Other client software)
Vendor: IDenticard

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use of hardcoded credentials

EUVDB-ID: #VU16996

Risk: Low

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-3906

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to the use of hard-coded credentials. A remote attacker can access the entire service via the PremiSys Windows Communication Foundation (WCF) Service endpoint to dump the contents of the badge system database, modify its contents, or perform various other tasks with unfettered access.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

Vulnerable software versions

PremiSys: 3.1.190

External links

http://www.tenable.com/blog/multiple-zero-days-in-premisys-identicard-access-control-system


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU16997

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-3907

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because user credentials and other sensitive information are stored with a known-weak encryption method (Base64-encoded MD5 hashes of salt + password). A remote attacker can access arbitrary data.
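The storage scheme described above beside a hardened replacement, as an added example that is not from the bulletin or the vendor: it recognizes legacy records by shape and re-hashes them with a slow KDF at the next successful login. The byte order of salt and password, the UTF-8 encoding, the record fields (`salt`, `hash`), the iteration count and all function names are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy value)

def legacy_hash(salt: bytes, password: str) -> str:
    # Assumption: Base64(MD5(salt + password)); the bulletin states only
    # "salt + password", so byte order and UTF-8 encoding are illustrative.
    digest = hashlib.md5(salt + password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def looks_like_legacy(stored: str) -> bool:
    """True if the value is Base64 that decodes to 16 bytes (MD5 digest size)."""
    try:
        return len(base64.b64decode(stored, validate=True)) == 16
    except (binascii.Error, ValueError):
        return False

def strong_hash(password: str, salt: bytes = b"") -> str:
    """Slow, salted KDF in a self-describing format: pbkdf2$<salt>$<key>."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2$%s$%s" % (base64.b64encode(salt).decode("ascii"),
                             base64.b64encode(key).decode("ascii"))

def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; on success, replace a legacy MD5 record in place."""
    stored = record["hash"]
    if stored.startswith("pbkdf2$"):
        salt = base64.b64decode(stored.split("$")[1])
        return hmac.compare_digest(strong_hash(password, salt), stored)
    if looks_like_legacy(stored) and hmac.compare_digest(
            legacy_hash(record["salt"], password), stored):
        record["hash"] = strong_hash(password)  # re-hash while plaintext is in hand
        record.pop("salt", None)                # salt now lives inside the hash string
        return True
    return False

if __name__ == "__main__":
    # Constructed sample record, not taken from any real system.
    rec = {"user": "operator1", "salt": b"s4lt",
           "hash": legacy_hash(b"s4lt", "correct horse")}
    print(looks_like_legacy(rec["hash"]), verify_and_upgrade(rec, "correct horse"))
    print(rec["hash"].split("$")[0], verify_and_upgrade(rec, "wrong guess"))
```

Accounts that never log in again keep their MD5 record under this approach, so a `looks_like_legacy` sweep of the credential table is still needed to find and force-reset them.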

Mitigation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

Vulnerable software versions

PremiSys: 3.1.190

External links

http://www.tenable.com/blog/multiple-zero-days-in-premisys-identicard-access-control-system


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU16998

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-3908

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because IDenticard backups are stored in an idbak format, which appears to be simply a password-protected zip file. A remote attacker can bypass security restrictions.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

Vulnerable software versions

PremiSys: 3.1.190

External links

http://www.tenable.com/blog/multiple-zero-days-in-premisys-identicard-access-control-system


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU16999

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-3909

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because the IDenticard service installs with a default database username and password of "PremisysUsr" / "ID3nt1card". A remote attacker can access the sensitive contents of the databases.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

Vulnerable software versions

PremiSys: 3.1.190

External links

http://www.tenable.com/blog/multiple-zero-days-in-premisys-identicard-access-control-system


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


