Tuesday, January 14, 2020

[Hikvision] DVR DS-7204HGHI User Enumeration (CVE-2020-7057)


The Hikvision DVR DS-7204HGHI tested here runs Web version V4.0.1 build 180903.

https://mastecsa.com/wp-content/uploads/2019/05/5c47444fec836059272e97c4.jpg

When you try to log in through the web server, the web page relies on the “ISAPI” for authentication. It makes a GET request for the username trying to authenticate; if this username exists, the server responds with a Session ID, a Challenge and a SALT (plus the iteration count and a flag saying whether it is reversible). If the username does not exist, it responds with a 500 Internal Server Error.


But as I said before, if the username exists, it is going to respond with interesting information.



This gives us the chance to rely on a brute-force attack for username enumeration. Hikvision’s web server has a limit on failed log-ins, so be careful with the brute force, or do it manually, avoiding the ban by trying only 4 – 5 usernames per device until you can try again.
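From the defender's side, the 200-versus-500 behaviour described above is also the detection signal: one source asking the username-lookup endpoint about several different usernames and getting 500 back for most of them. The following is an added example, not code from the original post, that runs over constructed access-log lines and flags such sources; the ISAPI path is an assumption, since the post does not name the endpoint.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumed path for the ISAPI username lookup described in the post; the post does not
# name it, so treat it as a placeholder and substitute what your device actually logs.
AUTH_PATH = "/ISAPI/Security/sessionLogin/capabilities"
# Constructed access-log lines (combined log format), not real device logs.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jan/2020:10:00:01 +0000] "GET /ISAPI/Security/sessionLogin/capabilities?username=admin HTTP/1.1" 200 312
203.0.113.5 - - [14/Jan/2020:10:00:02 +0000] "GET /ISAPI/Security/sessionLogin/capabilities?username=operator HTTP/1.1" 500 0
203.0.113.5 - - [14/Jan/2020:10:00:03 +0000] "GET /ISAPI/Security/sessionLogin/capabilities?username=guest HTTP/1.1" 500 0
203.0.113.5 - - [14/Jan/2020:10:00:04 +0000] "GET /ISAPI/Security/sessionLogin/capabilities?username=backup HTTP/1.1" 500 0
198.51.100.9 - - [14/Jan/2020:10:05:00 +0000] "GET /ISAPI/Security/sessionLogin/capabilities?username=admin HTTP/1.1" 200 312
198.51.100.9 - - [14/Jan/2020:10:05:30 +0000] "GET /doc/page/login.asp HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) \d+')

def parse_line(line):
    """Return (ip, timestamp, username, status) for a username-lookup request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    if parts.path != AUTH_PATH:
        return None
    user = parse_qs(parts.query).get("username", [None])[0]
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, user, int(m.group("status"))

def find_enumeration(log_text, window=timedelta(minutes=5), min_unknown=3):
    """Flag source IPs that probe at least min_unknown distinct usernames answered
    with 500 (the 'user does not exist' signal) inside one sliding time window."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec[0]].append(rec)
    suspects = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[1])
        for i, (_, start, _, _) in enumerate(recs):
            unknown = {u for _, t, u, s in recs[i:] if t - start <= window and s == 500}
            if len(unknown) >= min_unknown:
                suspects[ip] = sorted(unknown)
                break
    return suspects
```

Lower `min_unknown` or widen `window` to catch the slow, 4 – 5 names at a time pattern the post mentions; a single legitimate user mistyping their name produces one or two 500s, not a spread of distinct names.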


CVE-2020-7057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7057

mpx

Author
