Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: axis2.htm

Axis StorPoint CD, Axis StorPoint CD/T (Software Version 4.13) - Get admin URLs without logon!



    Axis StorPoint CD, Axis StorPoint CD/T (Software Version 4.13)


    Following  is  based  on  Infosec  Security  Vulnerability Report.
    By  modifying  an  URL,  outsiders  can  access administrator URLs
    without entering username and password.

    CDs are available from the URL


    The configuration URL is:


    This page is protected by a login and could contain very sensitive
    information.  The login could be bypassed by the URL:


    The  server  seems   to  check  access   permissions  before   URL
    conversion.  Infosec would like to thank Peter Berggren and  Johan
    Diedrichs at Axis for their involvement with testing and supplying
    patch information.


    Infosec and Axis recommends  customers to upgrade their  StorPoint
    Software.  The  current version is  4.28 and is  not vulnerable to
    this attack:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH