Client Login "Override"
POSIM EVO for Windows
POSIM EVO for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.
POSIM has not remediated the vulnerability.
02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
04-09-2018 - No updates from vendor
06-03-2018 - Publicly disclosed at BSides ATL
Offensive Minded Security Exploit Development