Vulnerability Note VU#870601
PolyVision RoomWizard insecurely stores Sync Connector Active Directory credentials and uses default administrative password
The PolyVision RoomWizard web based scheduling system with touch screen display contains two vulnerabilities that allow an unauthorized user to access the device console and Sync Connector Active Directory credentials.
The PolyVision RoomWizard is a touch screen scheduling device with a web-based administrative interface. The Sync Connector feature allows the RoomWizard to communicate with Microsoft Exchange in an Microsoft Windows Actitve Directory (AD) environment. The Sync Connector AD credentials are disclosed in the content of a web page on the administrative interface. This vulnerability has been reported to be affected in RoomWizard firmware version 3.2.3.
An additional issue exists in that the RoomWizard ships with a default password on the administrator account permitting console access via HTTP.
An attacker with HTTP access to a RoomWizard device and knowledge of the administrative password could obtain the AD credentials. The attacker could also modify settings, including network configuration, which could prevent legitimate users from accessing the RoomWizard device.
Change default passwords
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|PolyVision||Affected||18 Oct 2010||08 Dec 2010|
CVSS Metrics (Learn More)
Thanks to Sean Lam for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2010-0214
- Date Public: 07 Jan 2011
- Date First Published: 07 Jan 2011
- Date Last Updated: 07 Jan 2011
- Severity Metric: 1.26
- Document Revision: 32
If you have feedback, comments, or additional information about this vulnerability, please send us email.