RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks #3322

Open
rvd-bot opened this issue Jul 15, 2020 · 0 comments

rvd-bot commented Jul 15, 2020

id: 3322
title: 'RVD#3322: Weak authentication implementation make the system vulnerable to
  a brute-force attack over adjacent networks'
type: vulnerability
description: The authentication implementation on the xArm controller has very low
  entropy, making it vulnerable to a brute-force attack. There is no mechanism in
  place to mitigate or lockout automated attempts to gain access.
cwe: CWE-307
cve: CVE-2020-10285
keywords:
- xArm5 Lite, xArm6, xArm7, authentication
system: xArm5 Lite v1.5.0 and before, xArm6, xArm7
vendor: uFactory
severity:
  rvss-score: 8.3
  rvss-vector: RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/S:U/Y:Z/C:H/I:L/A:H/H:U
  severity-description: high
  cvss-score: 8.3
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
links:
- https://cwe.mitre.org/data/definitions/307.html
- https://github.com/aliasrobotics/RVD/issues/3322
flaw:
  phase: runtime-operation
  specificity: general-issue
  architectural-location: application-specific
  application: Gentoo Linux
  subsystem: SSH
  package: N/A
  languages: N/A
  date-detected: 2020-06-18
  detected-by: Alfonso Glera (Alias Robotics)
  detected-by-method: testing-dynamic alutiry:robo_xarm
  date-reported: '2020-07-15'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: null
  issue: https://github.com/aliasrobotics/RVD/issues/3322
  reproducibility: always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null

@rvd-bot changed the title from "Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks" to "RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks" on Jul 15, 2020

@vmayoral added the "components hardware" label (Vulnerabilities in hardware robot components (e.g. a LIDAR)) on Jul 15, 2020