CWE-640: Weak Password Recovery Mechanism for Forgotten Password
IOActive has reported that Cobham SAILOR 900 VSAT, SAILOR FleetBroadBand 150/250/500, EXPLORER BGAN, and AVIATOR 200/300/350/700D have been identified with a weak password recovery mechanism. It is possible more products than what have been identified are affected. The password reset algorithm used by these products can be reverse engineered so an attacker may be able to generate their own reset codes to change the password of the administrator account.
A remote unauthenticated attacker with access to the web interface may be able to reset the administrator password and take over the account.
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
Thanks to Ruben Santamarta for reporting this vulnerability.
This document was written by Chris King.
|Date First Published:||2014-08-07|
|Date Last Updated:||2014-08-07 22:30 UTC|