KevinLAB BEMS 1.0 Undocumented Backdoor Account

Posted by deepcore on July 21, 2021 – 4:27 am

KevinLAB BEMS version 1.0 has an undocumented backdoor account and the sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

KevinLAB BEMS 1.0 Undocumented Backdoor Account

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL