SB2019011508 - Multiple vulnerabilities in IDenticard PremiSys
Published: January 15, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Use of hardcoded credentials (CVE-ID: CVE-2019-3906)
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to use of hard-coded credentials. A remote attacker can access the entire service via the PremiSys Windows Communication Foundation (WCF) Service endpoint to dump contents of the badge system database, modify contents, or other various tasks with unfettered access.
2) Information disclosure (CVE-ID: CVE-2019-3907)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to user credentials and other sensitive information are stored with a known-weak encryption method (Base64 encoded MD5 hashes - salt + password). A remote attacker can access arbitrary data.
3) Security restrictions bypass (CVE-ID: CVE-2019-3908)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to identicard backups are stored in an idbak format, which appears to simply be a password protected zip file. A remote attacker can bypass security restrictions.
4) Information disclosure (CVE-ID: CVE-2019-3909)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the IDenticard service installs with a default database username and password of "PremisysUsr" / "ID3nt1card. A remote attacker can access the sensitive contents of the databases.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.