Alien RFID Reader Security Bypass Vulnerability
BID:39942
Info
Alien RFID Reader Security Bypass Vulnerability
| Bugtraq ID: | 39942 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2010 12:00AM |
| Updated: | May 04 2010 12:00AM |
| Credit: | [email protected] |
| Vulnerable: |
Alien Technology ALR-9900 0 |
| Not Vulnerable: | |
Discussion
Alien RFID Reader Security Bypass Vulnerability
Alien RFID reader devices are prone to a security-bypass vulnerability because the Alien account has the same default password for all RFID readers. Remote attackers can use this information to authenticate to the device.
Successful exploits may allow attackers to gain privileged access to the device or network; other attacks may also be possible.
ALR-9900 is vulnerable; other models may also be affected.
Alien RFID reader devices are prone to a security-bypass vulnerability because the Alien account has the same default password for all RFID readers. Remote attackers can use this information to authenticate to the device.
Successful exploits may allow attackers to gain privileged access to the device or network; other attacks may also be possible.
ALR-9900 is vulnerable; other models may also be affected.
Exploit / POC
Alien RFID Reader Security Bypass Vulnerability
An attacker can carry out this attack using readily available network utilities.
An attacker can carry out this attack using readily available network utilities.
Solution / Fix
Alien RFID Reader Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Alien RFID Reader Security Bypass Vulnerability
References:
References: