POSIM EVO for Windows
Client Login "Override"
CVE ID
Vendor: POSIM, LLC
Product: POSIM EVO for Windows
Product Version: 15.13
Vulnerability Details
POSIM EVO for Windows includes an “Emergency Override” administrative account that may be accessed through POSIM’s “override” feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.
Vendor Response
POSIM has not remediated the vulnerability.
Disclosure Timeline
- Disclosed to Vendor
- Disclosures forwarded to development
- Development still working on both issues
- No updates from vendor
- Publicly disclosed at BSides ATL