{"vuid":"VU#591667","idnumber":"591667","name":"CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent account vulnerability","keywords":["cososys","endpoint","protector","predictable"],"overview":"CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts.","clean_desc":"According to the CoSoSys website, the Endpoint Protector 4 appliance is a DLP product used to prevent users from taking unauthorized data outside the company or bringing potentially harmful files on USB devices, files which can have a significant impact on your network’s health. The CoSoSys Endpoint Protector 4 appliance contains a predictable password for root-equivalent accounts. The activation script sets the password for the EPProot account to a value based on the sum of the digits in the appliance's serial number. The script cuts the serial number (10 numeric characters) out of a file and then adds the characters together to populate the $SUMS variable. Then \"eroot!00($SUM)RO\", where $SUM is a number presumably from 0-90 (9*10), is set as the password for the epproot account. There are only 90 unique combinations, so it can be brute-forced.","impact":"An attacker may be able to gather sensitive configuration information including account credentials or session authentication tokens of the CoSoSys Endpoint Protector 4 appliance.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Restrict access: As a general good security practice, only allow connections from trusted hosts and networks. 
Restricting access would prevent an attacker from accessing a CoSoSys Endpoint Protector 4 appliance using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Christopher Campbell for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.endpointprotector.com/products/endpoint_protector"],"cveids":["CVE-2012-2994"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-07-23T17:24:08Z","publicdate":"2012-09-17T00:00:00Z","datefirstpublished":"2012-09-17T11:59:26Z","dateupdated":"2012-09-17T11:59:26Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","cvss_temporalscore":"5.2","cvss_environmentalscore":"1.7","cvss_environmentalvector":"CDP:LM/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}