SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Posted by deepcore on March 20, 2021 – 5:32 pm
The controller in SOYAL Biometric Access Control System version 5.0 suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller’s Programming mode and bypass physical security controls in place.
Post a reply
You must be logged in to post a comment.