Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Hikvision Info Leak

By kannthu

Medium
Vidoc logoVidoc Module
#exposure#config#hikvision
Description

What is the "Hikvision Info Leak?"

The "Hikvision Info Leak" module is designed to detect a specific vulnerability in Hikvision software. Hikvision is a popular brand that provides video surveillance products and solutions. This module focuses on identifying instances where sensitive information, such as usernames and passwords, may be exposed due to misconfigurations in the Hikvision system.

This vulnerability is classified as medium severity, indicating that it has the potential to cause significant harm if exploited. It is important for system administrators and users of Hikvision software to be aware of this vulnerability and take appropriate measures to mitigate the risk.

This module was authored by pikpikcu.

Impact

If the "Hikvision Info Leak" vulnerability is present and exploited, it could lead to unauthorized access to the Hikvision system. This can result in the compromise of sensitive data, unauthorized surveillance, or unauthorized control over the surveillance system. It is crucial to address this vulnerability promptly to prevent potential security breaches.

How does the module work?

The "Hikvision Info Leak" module works by sending HTTP requests to the target system and analyzing the responses for specific patterns. It looks for the presence of certain keywords, such as "

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/config/user.xml
Matching conditions
word: <user name=, password=and
word: text/xml
Passive global matcher
No matching conditions.
On match action
Report vulnerability