CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts.
According to the CoSoSys's website the Endpoint Protector 4 appliance is a DLP product used to prevent users from taking unauthorized data outside the company or bringing potential harmful files on USB devices, files which can have a significant impact on your network’s health. The CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts. The activation script sets the password to the EPProot account to a password based on the sum of each number in the appliance's serial number. The script cuts the serial number (10 numeric characters) out of a file and then adds each character together to populate the $SUMS variable. Then "eroot!00($SUM)RO" where $SUM is a number presumably from 0-90 (9*10) is set as the password for the epproot account. There are only 90 unique combinations so it can be brute-forced.
An attacker may be able to gather sensitive configuration information including account credentials or session authentication tokens of the CoSoSys Endpoint Protector 4 appliance.
We are currently unaware of a practical solution to this problem.
Thanks to Christopher Campbell for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2012-09-17|
|Date Last Updated:||2012-09-17 11:59 UTC|