COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
Title: COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
Advisory ID: ZSL-2021-5661
Type: Local/Remote
Impact: Security Bypass, System Access, DoS
Risk: (5/5)
Release Date: 15.08.2021
MariaDB/10.3.15
[03.08.2021] Vendor contacted.
[04.08.2021] Vendor contacted.
[05.08.2021] No response from the vendor.
[06.08.2021] Vendor contacted.
[14.08.2021] No response from the vendor.
[15.08.2021] Public security advisory released.
[2] https://packetstormsecurity.com/files/163840
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/207574
[23.08.2021] - Added reference [1], [2] and [3]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2021-5661
Type: Local/Remote
Impact: Security Bypass, System Access, DoS
Risk: (5/5)
Release Date: 15.08.2021
Summary
Biometric access control system.Description
The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings.Vendor
COMMAX Co., Ltd. - https://www.commax.comAffected Version
1.0.0Tested On
nginx/1.14.0 (Ubuntu)MariaDB/10.3.15
Vendor Status
[02.08.2021] Vulnerability discovered.[03.08.2021] Vendor contacted.
[04.08.2021] Vendor contacted.
[05.08.2021] No response from the vendor.
[06.08.2021] Vendor contacted.
[14.08.2021] No response from the vendor.
[15.08.2021] Public security advisory released.
PoC
commax_cookie.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/50206[2] https://packetstormsecurity.com/files/163840
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/207574
Changelog
[15.08.2021] - Initial release[23.08.2021] - Added reference [1], [2] and [3]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk