RVD#2565: Weak token generation for the REST API. #2565

Open
rvd-bot opened this issue Jun 24, 2020 · 0 comments
rvd-bot commented Jun 24, 2020

id: 2565
title: 'RVD#2565: Weak token generation for the REST API.'
type: vulnerability
description: The access tokens for the REST API are directly derived from the publicly
  available default credentials for the web interface. Given a USERNAME and a PASSWORD,
  the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An
  unauthorized attacker inside the network can use the default credentials to compute
  the token and interact with the REST API to exfiltrate, infiltrate or delete data.
cwe: CWE-261
cve: CVE-2020-10275
keywords:
- MiR100, MiR200, MiR500, MiR250, MiR1000, ER200, ER-Lite, ER-Flex,
  ER-One, UVD
system: MiR100:v2.8.1.1 and before, MiR200, MiR250, MiR500, MiR1000, ER200,
  ER-Lite, ER-Flex, ER-One, UVD
vendor: Mobile Industrial Robots A/S, EasyRobotics, Enabled Robotics, UVD Robots
severity:
  rvss-score: 10.0
  rvss-vector: RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/Y:Z/S:U/C:H/I:H/A:H/H:H
  severity-description: critical
  cvss-score: 9.8
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
links:
- https://cwe.mitre.org/data/definitions/261.html
- https://github.com/aliasrobotics/RVD/issues/2565
flaw:
  phase: runtime-operation
  specificity: subject-specific
  architectural-location: application-specific code
  application: REST API
  subsystem: N/A
  package: N/A
  languages: Python
  date-detected: 2020-06-11
  detected-by: Alias Robotics (group, https://aliasrobotics.com)
  detected-by-method: Testing dynamic.
  date-reported: '2020-06-24'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/2565
  reproducibility: Always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null
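As an added illustration (not part of the RVD record or the vendor's code), the token derivation the description gives, side by side with a detection check for tokens derivable from a default credential pair and a hardened issuance that makes the token independent of the password. It assumes sha256(PASSWORD) means the hex digest, and the default credential pair is a constructed placeholder, not the products' real defaults.

```python
import base64
import hashlib
import hmac
import secrets


def weak_token(username: str, password: str) -> str:
    """Derivation as described in the advisory: base64(USERNAME:sha256(PASSWORD)).
    Deterministic, so anyone holding the (default) credentials reproduces it.
    Assumption: sha256 is taken as the hex digest."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    return base64.b64encode(f"{username}:{pw_hash}".encode()).decode()


# Constructed placeholder pair for the check below; the real defaults are not on the page.
DEFAULTS = [("admin", "admin")]


def token_is_default_derived(token: str, default_credentials=DEFAULTS) -> bool:
    """Detection check for an API gateway or log review: does a presented token
    equal one derivable from a known default credential pair? If so, the
    request should be treated as unauthenticated and alerted on."""
    return any(hmac.compare_digest(token, weak_token(u, p))
               for u, p in default_credentials)


class TokenStore:
    """Hardened issuance: a random token with no relation to the password,
    kept server-side only as a hash so a database leak does not leak tokens."""

    def __init__(self) -> None:
        self._owner_by_hash: dict[str, str] = {}

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._owner_by_hash[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def lookup(self, token: str):
        """Return the owning username, or None for an unknown token."""
        return self._owner_by_hash.get(hashlib.sha256(token.encode()).hexdigest())


if __name__ == "__main__":
    weak = weak_token("admin", "admin")
    print("weak token flagged as default-derived:", token_is_default_derived(weak))
    store = TokenStore()
    strong = store.issue("admin")
    print("random token flagged:", token_is_default_derived(strong),
          "| owner:", store.lookup(strong))
```

Changing the default password alone does not fix the design: the token still follows from whatever the password is, which is why the hardened path issues a random value instead.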