Friday, January 24, 2020

[ITERIS] - Vantage Velocity Field Unit - No Documented Users, Weak Passwords and Credentials Disclosure - (CVE-2020-9023)

Device Information: 

The "eclipse" and "bluetooth" users are not documented. In addition, these users and "root" have weak credentials.

Affected Versions:
  • 2.4.2
  • 2.3.1

The "Vantage Velocity Field Unit" device has 2 users that are not documented. These users are configured with weak passwords, as is the device's root user.

The undocumented users are the following:
User bluetooth, password bluetooth
User eclipse, password eclipse

root user password: bluetooth

The /etc/shadow file was extracted from the device and its password hashes were then cracked.

Cracking passwords with john:

Version 2.3.1 also has the same users.
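For auditing extracted firmware, the following added example (not part of the original post or the vendor's code) flags accounts in passwd/shadow files that can log in but are missing from a documented-accounts list. The file contents, UIDs, placeholder hashes and the `DOCUMENTED` allowlist are constructed assumptions, and the check does not test password strength.

```python
# Added example (not from the original post): flag undocumented login-capable
# accounts in passwd/shadow files extracted from a firmware image.
# All file contents below are constructed; hashes are placeholders, not real.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
bluetooth:x:500:500::/home/bluetooth:/bin/sh
eclipse:x:501:501::/home/eclipse:/bin/sh
"""
SHADOW = """\
root:$1$CONSTRUCTED$placeholder0:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
bluetooth:$1$CONSTRUCTED$placeholder1:10933:0:99999:7:::
eclipse:$1$CONSTRUCTED$placeholder2:10933:0:99999:7:::
"""
DOCUMENTED = {"root"}  # assumption: accounts named in the vendor documentation
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse(text, min_fields):
    """Split passwd/shadow style text into field lists, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields and fields[0] and not fields[0].startswith("#"):
            rows.append(fields)
    return rows

def can_authenticate(pw_field):
    """Empty field: no password needed. '!' or '*' prefix: locked. 'x': no shadow entry."""
    return pw_field == "" or not (pw_field.startswith(("!", "*")) or pw_field == "x")

def audit(passwd_text, shadow_text, documented):
    """Return (name, uid, shell) for each undocumented account that can log in."""
    shadow = {f[0]: f[1] for f in parse(shadow_text, 2)}
    findings = []
    for f in parse(passwd_text, 7):
        name, uid, shell = f[0], f[2], f[6]
        pw_field = shadow.get(name, f[1])  # fall back to the passwd field if no shadow row
        if name in documented or shell in NOLOGIN_SHELLS:
            continue
        if can_authenticate(pw_field):
            # An empty shell field in passwd means the system default, /bin/sh.
            findings.append((name, uid, shell or "/bin/sh"))
    return sorted(findings)

if __name__ == "__main__":
    for name, uid, shell in audit(PASSWD, SHADOW, DOCUMENTED):
        print(f"undocumented login account: {name} (uid {uid}, shell {shell})")
```
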

SSH connection with root and password "bluetooth":

SSH connections with the undocumented users:


By: @Linuxmonr4


