Programi Bilanc build 007 release 014 31.01.2020 uses a weak default password.
0684cc018d81493067512a493fc582e9f17cf8e183fca6389439f5dbe1141d93Programi Bilanc - Build 007 Release 014 31.01.2020 - Use of weak default Password
===============================================================================
Identifiers
-------------------------------------------------
CVE-2020-11720
Vendor
-------------------------------------------------
Balanc Shpk (https://bilanc.com)
Product
-------------------------------------------------
Programi Bilanc
Affected versions
-------------------------------------------------
Programi Bilanc - Build 007 Release 014 31.01.2020 and possibly below
Credit
-------------------------------------------------
Georg Ph E Heise (@gpheheise) / Lufthansa Industry Solutions (@LHIND_DLH)
Vulnerability summary
-------------------------------------------------
The installation sets up admin accounts with weak default credentials
Technical details
------------------------------------------------
During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.
Proof of concept
-------------------------------------------------
Withheld
Solution
-------------------------------------------------
Don’t use the software in its current version & contact vendor for a solution
Timeline
-------------------------------------------------
Date| Status
------------|-----------------------------
01–APR-2020 | Reported to vendor
30-JUN-2020 | End of 90 Days Full Disclosure Time
17-DEZ-2020 | Full disclosure
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed