PrismaWEB 1.21 Authentication Bypass via Hardcoded Credentials (ZSL-2018-5453)

Critical Vulnerability Information Title: Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Suggested ID: ZSL-2018-5453 Type: Local/Remote Impact: DoS, Security Bypass, System Access Risk: 5/5 Release Date: 10.03.2018 Summary Web machine management Description This vulnerability exists due to hardcoded credentials being exposed, allowing attackers to effectively bypass PrismaWEB authentication with administrative privileges. These credentials can be leaked by simply navigating to script functions used for the management interface, specifically the "login.js" JavaScript page and the Login() function in "/scripts/functions_cookie.js". Affected Versions 1.0 (Rev 21, EPROM 202FWSAM??) Tested On HMS AnyBus-S WebServer Vendor Status 06.02.2018: Vulnerability discovered 19.02.2018: Vendor contacted 09.02.2018: Vendor did not respond 10.03.2018: Public security advisory released PrismaWeb Authentication Test prismaweb_auth.txt References 1. https://exchange.xforce.ibmcloud.com/vulnerabilities/140264 2. https://packetstormsecurity.com/files/146726 3. https://cxsecurity.com/issue/WLB-2018030101 4. https://www.exploit-db.com/exploits/44276/ 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9161 6. https://nvd.nist.gov/vuln/detail/CVE-2018-9161 Change Log 10.03.2018: Initial release 16.03.2018: Added references [1], [2], [3], and [4] 19.04.2018: Added references [5] and [6]

Goal Reached Thanks to every supporter — we hit 100%!

PrismaWEB 1.21 Authentication Bypass via Hardcoded Credentials (ZSL-2018-5453)