
Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit

2020-12-24 12:07
Title: Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit
Advisory ID: ZSL-2020-5613
Type: Local/Remote
Impact: Security Bypass
Risk: (3/5)
Release Date: 24.12.2020
Summary
Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to manage IP video surveillance, designed for medium to large installations that require high performance and reliability. Arteco can handle IP video sources from all major international manufacturers and is compatible with ONVIF and RTSP devices.
Description
The Session ID 'SessionId' is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication and disclose the live camera stream.
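The brute-force risk described above, as an added defender-side example that is not part of the advisory or its PoC: one function estimates the keyspace implied by a sample of observed SessionId values, the other flags clients that cycle through many distinct SessionId cookie values within a short window. The log format (an assumed Apache LogFormat that also records the Cookie header), the /live path and all sample values are constructed for the example.

```python
import math
import re
import string
from collections import defaultdict
from datetime import datetime

# Constructed sample lines. Assumed format (not from the advisory):
#   LogFormat "%h %t \"%r\" %>s \"%{Cookie}i\""
SAMPLE_LOG = """\
10.0.0.5 [24/Dec/2020:12:00:01 +0100] "GET /live HTTP/1.1" 403 "SessionId=1001"
10.0.0.5 [24/Dec/2020:12:00:01 +0100] "GET /live HTTP/1.1" 403 "SessionId=1002"
10.0.0.5 [24/Dec/2020:12:00:02 +0100] "GET /live HTTP/1.1" 403 "SessionId=1003"
10.0.0.5 [24/Dec/2020:12:00:02 +0100] "GET /live HTTP/1.1" 200 "SessionId=1004"
10.0.0.9 [24/Dec/2020:12:00:05 +0100] "GET /live HTTP/1.1" 200 "SessionId=1004"
"""

LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) "([^"]*)"$')
SID_RE = re.compile(r"SessionId=([^;\s]+)")


def keyspace_bits(sample_ids):
    """Upper bound on SessionId entropy implied by the observed character class and length.
    A token that should resist guessing needs on the order of 128 bits."""
    chars = "".join(sample_ids)
    if chars.isdigit():
        radix = 10
    elif all(c in string.hexdigits for c in chars):
        radix = 16
    elif chars.isalnum():
        radix = 62
    else:
        radix = len(set(chars))
    return max(len(s) for s in sample_ids) * math.log2(radix)


def flag_session_guessing(log_text, window_seconds=60, threshold=3):
    """Return {ip: max distinct SessionId values seen in any window} for clients
    whose count reaches the threshold; one client rotating IDs is the guessing signature."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not use the assumed format
        ip, ts, _req, _status, cookies = m.groups()
        sid = SID_RE.search(cookies)
        if sid:
            stamp = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            events[ip].append((stamp, sid.group(1)))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best = 0
        for i, (t0, _) in enumerate(evs):  # sliding window anchored at each event
            seen = {s for t, s in evs[i:] if (t - t0).total_seconds() <= window_seconds}
            best = max(best, len(seen))
        if best >= threshold:
            flagged[ip] = best
    return flagged
```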
Vendor
Arteco S.U.R.L. - https://www.arteco-global.com
Affected Version
N/A
Tested On
Microsoft Windows 10 Enterprise
Apache/2.4.39 (Win64) OpenSSL/1.0.2s
Apache/2.2.29 (Win32) mod_fastcgi/2.4.6 mod_ssl/2.2.29 OpenSSL/1.0.1m
Arteco-Server
Vendor Status
[16.11.2020] Vulnerability discovered.
[10.12.2020] Vendor contacted.
[23.12.2020] No response from the vendor.
[24.12.2020] Public security advisory released.
PoC
arteco_session.py
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[24.12.2020] - Initial release
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5613.php
