A security researcher has highlighted a critical vulnerability in Hirsch's Enterphone MESH door access system, which comes with a default password allowing unauthorized remote access to door locks and elevators in numerous buildings across the U.S. and Canada. Despite this alarming discovery, Hirsch refuses to implement a fix, stating the issue is by design. This failure to prompt users to change their default passwords leaves many systems vulnerable. This security flaw is rated as a severe 10 out of 10 on the vulnerability scale, raising concerns about the systemic reliance on default passwords in technology today.
Default passwords are not uncommon nor necessarily a secret in internet-connected devices; relying on a customer to change a default password still classifies as a security vulnerability.
Hirsch, the company that now owns the Enterphone MESH door access system, won't fix the vulnerability, saying that the bug is by design.
In the case of Hirsch's door entry products, customers installing the system are not prompted or required to change the default password.
...the bug is rated as a 10 out of 10 on the vulnerability severity scale, thanks to the ease with which anyone can exploit it.
Collection
[
|
...
]