Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
Briefly

"Vulnerabilities discovered by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. The security holes were discovered by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba's Exos central management software, a hardware access manager, and registration units that enable entry via a keypad, fingerprint reader, or chip card."
"Several types of vulnerabilities were identified, including hardcoded credentials and encryption keys, weak passwords, lack of authentication, insecure password generation, local privilege escalation, data exposure, path traversal, and command injection issues. The vulnerable product is mainly used by large enterprises in Europe, including industrial companies, energy providers, logistics firms, and airport operators. Exploitation of the flaws identified by SEC Consult researchers could have allowed threat actors to directly unlock doors, obtain access PINs, or conduct further attacks in the compromised environment. "A few thousand customers were potentially affected, with a small subset having high-security requirements," Dormakaba told SecurityWeek."
"In total, more than 20 vulnerabilities were discovered and reported to the vendor, which over the past year and a half has been working to release patches and hardening guidelines. Dormakaba has also been working with major customers to ensure that their access systems are no longer vulnerable. According to the vendor, "To exploit the vulnerabilities, an attacker needs prior access to the customer-specific infrastructure (network or hardware). As a result, exploitation would only be possible from within the customer's own protected network.""
Vulnerabilities in Dormakaba Exos central management software, a hardware access manager, and registration units could permit remote unlocking of doors and theft of access PINs and credentials. The flaws include hardcoded credentials and encryption keys, weak passwords, missing authentication, insecure password generation, local privilege escalation, data exposure, path traversal, and command injection. The product is widely deployed across large European enterprises, including industrial, energy, logistics, and airport operators, affecting a few thousand customers with a subset holding high-security requirements. More than 20 vulnerabilities were reported and Dormakaba has issued patches and hardening guidance while working with major customers. A few dozen internet-exposed systems remained vulnerable and could be targeted directly from the web.
Read at SecurityWeek