Client Login "Override"
POSIM EVO for Windows
POSIM EVO for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt.
POSIM has not remediated the vulnerability.
02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
04-09-2018 - No updates from vendor
06-03-2018 - Publicly disclosed at BSides ATL
Offensive Minded Security Exploit Development