RVD#2565: Weak token generation for the REST API. #2565

Open
@rvd-bot

Description

id: 2565
title: 'RVD#2565: Weak token generation for the REST API.'
type: vulnerability
description: The access tokens for the REST API are directly derived from the publicly
  available default credentials for the web interface. Given a USERNAME and a PASSWORD,
  the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An
  unauthorized attacker inside the network can use the default credentials to compute
  the token and interact with the REST API to exfiltrate, infiltrate or delete data.
cwe: CWE-261
cve: CVE-2020-10275
keywords:
- MiR100, MiR200, MiR500, MiR250, MiR1000, ER200, ER-Lite, ER-Flex,
  ER-One, UVD
system: MiR100:v2.8.1.1 and before, MiR200, MiR250, MiR500, MiR1000, ER200,
  ER-Lite, ER-Flex, ER-One, UVD
vendor: Mobile Industrial Robots A/S, EasyRobotics, Enabled Robotics, UVD Robots
severity:
  rvss-score: 10.0
  rvss-vector: RVSS:1.0/AV:IN/AC:L/PR:N/UI:N/Y:Z/S:U/C:H/I:H/A:H/H:H
  severity-description: critical
  cvss-score: 9.8
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
links:
- https://cwe.mitre.org/data/definitions/261.html
- https://github.com/aliasrobotics/RVD/issues/2565
flaw:
  phase: runtime-operation
  specificity: subject-specific
  architectural-location: application-specific code
  application: REST API
  subsystem: N/A
  package: N/A
  languages: Python
  date-detected: 2020-06-11
  detected-by: Alias Robotics (group, https://aliasrobotics.com)
  detected-by-method: Testing dynamic.
  date-reported: '2020-06-24'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/2565
  reproducibility: Always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null