|Updated: 11/24/2005; 11:33:44 PM.
Data network connectivity developments, networking business news, and related computing items.
Monday, August 30, 2004
Axis Network Camera HTTP Authentication Bypass Vulnerability: Amazing securty hole: Axis makes widely used networked surveillance cameras. They have an onboard website for administration -- and that website is easily compromised. Furthermore, it's reported that many of these cameras are open on the public internet and can be found with google (not even a robots.txt file to prevent indexing). Incredible that a security products company would release such a buggy product. And it's also reported that the company didn't respond to hacker reports (normally companies issue info and an update before the hacker goes public.) "A vulnerability has been identified in several Axis Network Cameras, which can be exploited by a malicious person to bypass user authentication. Normally a user is required to input a username and password before access is granted to "http://[victim]/admin/admin.shtml". However, by sending a HTTP request with an extra "/" before the "admin" folder, it is possible to bypass the authentication completely." 10:10:56 AM
Copyright 2005 © Ken Novak.
Last update: 11/24/2005; 11:33:44 PM.