exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Neoscreen 4.5 Authentication Bypass

Neoscreen 4.5 Authentication Bypass
Posted Jul 25, 2016
Authored by Alex Haynes

Neoscreen version 4.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 2a1948518f12aecc90ff982e0d377eb99f4226f02f0def6336846be88437e601

Neoscreen 4.5 Authentication Bypass

Change Mirror Download
Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:


(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen digital signage software v4.5

Vendor URL & Download:
http://www.cube-display.fr

Product Description:
"Neoscreen is an innovative, scalable and particularly powerful communication system. With just a few clicks, you can control all your dynamic display screens from your PC, wherever they may be in the world. "

(2) Vulnerability Details:
--------------------------
Several URL's of the admin interface of the neoscreen software do not perform session checks correctly, thereby allowing authentication bypass and allowing any user to access admin functions.

Proof of concept:
Any of the following URL's will allow access to the admin interface os the Neoscreen software, to admin functions that (among other things) allow the user to shutdown the screen completely, or wipe the database.

http://neoscreen/cubelocal/admin/shutdownMachine.asp
http://neoscreen/cubelocal/admin/stabilityControl.asp
http://neoscreen/cubelocal/modules/neoscreen/messages/basevide.asp
http://neoscreen/cubelocal/classe/index.asp

(3) Advisory Timeline:
----------------------
25/01/2016 - First Contact: vendor responds saying they are working on fix
24/02/2016 - Follow up e-mail to request fix timeline. No vendor response.
03/03/2016 - Follow up e-mail to request fix timeline.
04/03/2016 - Vendor responds saying fix will be available 14/03/2016.


(4)Solution:
------------
Upgrade to version 5 will fix this vulnerability.


(5) Credits:
------------
Discovered by Alex Haynes
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close