Abuse Melding

Je hebt een klacht over de onderstaande posting:

04-12-2017, 11:00 door Anoniem

Wat is dit een slecht artikel. Dat wifi gebeuren is helemaal niet het spannendste. Dit wel: Hikvision camera API includes support for proprietary HikCGI protocol, which exposes URI endpoints through the camera's web interface. The HikCGI protocol handler checks for the presence of a parameter named "auth" in the query string and if that parameter contains a base64-encoded "username:password" string, the HikCGI API call assumes the idntity of the specified user. The password is ignored. There are four handlers in a typical Hikvision camera firmware that process API requests: ISAPI, PSIA, HikCGI, and Genetec. All four contain very similar authentication and authorization code. Only one of the four (HikCGI) has an additional piece of code with a very simple logic of "if this exists, then skip all authentication". Once you understand the code flow, the backdoor code really stands out. It is nearly impossible for a piece of code that obvious to not be noticed by development or QA teams, yet it has been ...

Beschrijf je klacht (Optioneel):

captcha