Communications of the ACM
Flaws in Vendor Security Software Could Leave Some Federal Buildings Vulnerable
Cybersecurity researchers have found previously unknown vulnerabilities in the access control systems of an identification card manufacturer and service provider used by federal agencies.
Credit: ekawatchaow/Shutterstock.com
Researchers at the Columbia, MD-based Tenable cybersecurity firm found previously unknown vulnerabilities in the access control systems of an identification card manufacturer and service provider used by federal agencies.
The researchers discovered several weaknesses in the control system used by IDenticard, called PremiSys, which if exploited could allow unauthorized parties to gain access to secure buildings and disable locks; malicious actors also could exfiltrate user data or otherwise modify accounts using administrator privileges.
PremiSys uses hard-coded usernames and passwords for administrator credentials that cannot be changed by customers. The system also uses default usernames and passwords for database access, which users can only change by sending preferred passwords to IDenticard.
The Tenable researchers warned if a government agency uses the full suite of IDenticard services, including the PremiSys control system, a bad actor could obtain full access to secure federal buildings.
From NextGov.com
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA
No entries found