Vulnerability Note VU#591667
CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent account vulnerability
CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts.
According to the CoSoSys's website the Endpoint Protector 4 appliance is a DLP product used to prevent users from taking unauthorized data outside the company or bringing potential harmful files on USB devices, files which can have a significant impact on your network’s health. The CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts. The activation script sets the password to the EPProot account to a password based on the sum of each number in the appliance's serial number. The script cuts the serial number (10 numeric characters) out of a file and then adds each character together to populate the $SUMS variable. Then "eroot!00($SUM)RO" where $SUM is a number presumably from 0-90 (9*10) is set as the password for the epproot account. There are only 90 unique combinations so it can be brute-forced.
An attacker may be able to gather sensitive configuration information including account credentials or session authentication tokens of the CoSoSys Endpoint Protector 4 appliance.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|CoSoSys Endpoint Security||Affected||30 Jul 2012||10 Sep 2012|
CVSS Metrics (Learn More)
Thanks to Christopher Campbell for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-2994
- Date Public: 17 Sep 2012
- Date First Published: 17 Sep 2012
- Date Last Updated: 17 Sep 2012
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.