Client Login "Override"
CVE ID
CVE-2018-15807
VENDOR
POSIM, LLC
PRODUCT
POSIM EVO for Windows
Product version
15.13
Vulnerability Details
POSIM EVO for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.
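As an added illustration (not code from this advisory or from POSIM), the sketch below contrasts a code derived only from values known at the client with an override code that depends on a key held off the client and on a single-use, expiring challenge. `weak_override_code`, `OverrideService`, the station ID format and the 300-second lifetime are assumptions; POSIM's actual algorithm is not reproduced.

```python
import hashlib
import hmac
import secrets
import time


def weak_override_code(station_id: str, day: str) -> str:
    # Hypothetical stand-in for the flawed pattern, NOT POSIM's algorithm:
    # every input is known at the client, so anyone can compute the code.
    return hashlib.sha256(f"{station_id}:{day}".encode()).hexdigest()[:8]


class OverrideService:
    """Hypothetical off-client service; the key never reaches a POS station."""

    def __init__(self, key: bytes, ttl_seconds: int = 300):
        self._key = key
        self._ttl = ttl_seconds
        self._pending = {}  # nonce -> (station_id, expiry time)

    def challenge(self, station_id: str, now: float = None) -> str:
        # A fresh random nonce makes every override request unique.
        now = time.time() if now is None else now
        nonce = secrets.token_hex(8)
        self._pending[nonce] = (station_id, now + self._ttl)
        return nonce

    def issue(self, station_id: str, nonce: str) -> str:
        # Code that support staff read out after authenticating the caller.
        msg = f"{station_id}|{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:12]

    def verify(self, station_id: str, nonce: str, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        # pop() consumes the nonce: one guess per challenge, no replay.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        expected_station, expiry = entry
        if station_id != expected_station or now > expiry:
            return False
        return hmac.compare_digest(self.issue(station_id, nonce), code)
```

Because verification runs where the key lives, nothing on the POS station is sufficient to compute a valid code.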
Vendor response
POSIM has not remediated the vulnerability.
Disclosure timeline
02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
04-09-2018 - No updates from vendor
06-03-2018 - Publicly disclosed at BSides ATL