Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
Posted by deepcore on August 22, 2020 – 6:23 am
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
Post a reply
You must be logged in to post a comment.