iCAM Workstation Control Software Local Authentication Bypass

vendor:

iCAM Workstation Control

by:

StealthHydra

7,5

CVSS

HIGH

Local Authentication Bypass

N/A

CWE

Product Name: iCAM Workstation Control

Affected Version From: 4.8.0.0

Affected Version To: 4.8.0.0

Patch Exists: NO

Related CWE: N/A

CPE: a:insight_media_internet_limited:icam_workstation_control

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2014

iCAM Workstation Control Software Local Authentication Bypass

There is a simple local exploit in iCAM workstation control which allows a user to bypass the login screen and access the Local Disk Drive to launch applications such as a Web Browser. To exploit this vulnerability, the attacker must press the Alt & Tab hotkey from the login screen, then press the shortcut for the Windows Help feature - Windows key & F1. Once in the windows help, the attacker must type in a random string into the search box and press enter, which will open the windows explorer. From there, the attacker can launch various applications by navigating the windows file system.

Mitigation:

The vendor should implement additional security measures to prevent unauthorized access to the system.

Source

Exploit-DB raw data:

# Exploit Title: iCAM Workstation Control Software Local Authentication Bypass
# Google Dork:
# Vendor: Insight Media Internet Limited is based in the North West of England, and has 10 years experience in developing both internet and software solutions.
  Our staff are focused and committed to offering the best possible service and assistance to customers both old and new.
# Product: iCAM Workstation Control is a PC booking system designed to give organisations complete control over the access and pre-booking of publicly accessible workstations.
# Details: There is a simple local exploit in iCAM workstation control which allows a user to bypass the login screen and access the Local Disk Drive to launch applications such as a Web Browser.
# Exploitation-Technique: Local
# Date: 06-03-2014
# Exploit Author: StealthHydra
# Vendor Homepage: http://www.insight-media.co.uk/index.php?id=9
# Software Link: 
# Version: 4.8.0.0
# Tested on: Windows 7
# CVE : 
# Method:
=========

1.) From the login screen most keys are blocked accept alphanumeric keys. However if you press the Alt & Tab hotkey then you can access the desktop of the user currently running the iCAM client.

2.) Although a blank desktop, you can then press the shortcut for the Windows Help feature - Windows key & F1

3.) Once in the windows help if you type in a random string into the search box and press enter, windows explorer appears. 

4.) Once in the windows explorer you can launch various applications by navigating the windows file system.