A software suite intended to let merchant ships’ crews digitally communicate with the world ashore was riddled with security vulnerabilities including undocumented admin accounts with hardcoded passwords and widespread use of Adobe Flash.
Infosec consultancy Pen Test Partners said it took all of 90 minutes to discover enough problems with Dualog Connection Suite to submit six CVE number requests.
In a detailed blog post, the firm said: “Within a few seconds we’d already noticed our first vulnerability, simply by watching the network traffic in the browser developer tools. There were enough signs to warrant deeper investigation.”
Findings included an undocumented admin account with a hardcoded password – a password that Pen Test Partners cracked in 10 minutes. The Oracle database underpinning the suite used the outdated MD5 hash with no salting, meaning researcher ..
Support the originator by clicking the read the rest link below.
