CVE-2020-37228
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Yerootech | iDS6 DSSPro Digital Signage System | 6.2 | affected |
Weaknesses
- CWE-307: Improper Restriction of Excessive Authentication Attempts
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/48991
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5607.php
- http://www.yerootech.com
- https://www.vulncheck.com/advisories/ids6-dsspro-digital-signage-system-captcha-security-bypass
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.