Sign in / up

back to article Security cameras leak credentials, live video

D-Link and Vivotek have submitted their entries for “dumbest security vulnerability of 2013”, with Core Security turning up a variety of daft bugs in their IP cameras, including hard-coded backdoor passwords. The advisories are here for Vivotek and here for D-Link. D-Link has told Core Security it is preparing a fix, but the …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Stephen 2

    Same problem

    I've had a number of IP cameras over the years and it rarely takes more than 15 mins to find a way to access the feed without logging in. Seems to be an issue across the board and not just these brands.

    1 0
  2. Anonymous Coward
    Anonymous Coward

    Sometimes a private network is the only answer

    I always assume any such gear is inherently insecure no matter who makes it or what their claims are, and insure it is on an isolated network. If you have a web server on the same VLAN as the cameras, you deserve what you get.

    1 0
  3. Anonymous Coward
    Anonymous Coward

    Also analogue

    Analogue DVRs are also problematic. There's one brand of DVR - I forget which - that sends the full config (including passwords) in the background, in plain text, immediately after you log on with a read-only guest or demo account.

    0 0
  4. nuked
    Alert

    At what point do these 'blunders' become so extreme that people start to question intent?

    0 0
  5. Anonymous Coward
    Anonymous Coward

    Worst vulnerability ever

    At first glance: "Video leaks as ASCII" made me think: Who-hoo, ASCII porn!

    0 0
This topic is closed for new posts.

Other stories you might like