Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Beward Intercom Credentials Disclosure Vulnerability

Vulnerability

A credentials disclosure vulnerability exists in Beward Intercom version 2.3.1, allowing local attackers to access plain-text authentication credentials from an unencrypted database file. The vulnerability arises because the application stores sensitive information in a binary file called BEWARD.INTERCOM.FDB, which can be read to extract usernames and passwords. The recovered credentials enable unauthorized access to IP cameras and door stations.

Impact

Exploitation of this vulnerability allows for the unauthorized disclosure of authentication credentials, which can be used to gain access to affected IP cameras and door stations, bypassing existing access controls.

Reproduction

The vulnerability can be reproduced by accessing the BEWARD.INTERCOM.FDB file, which is located in different directories depending on the version of the software. For versions 2.2.11 and above, the file is found in the 'C:\ProgramData\BEWARD\BEWARD Intercom\DB\' directory. For versions prior to 2.2.11, the file is located in the 'C:\Users\%username%\AppData\Local\Beward R&D Co., Ltd\BEWARD Intercom\DB\' directory. Once the file is accessed, a local attacker can use a script to extract the plain-text usernames and passwords stored within.
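Because the exposure depends on who can read the file at those two locations, a defender can audit its ACL on each workstation. The PowerShell below is an added example, not part of the advisory or the vendor's tooling; the profile root C:\Users and the list of expected principals are assumptions to adjust locally.

```powershell
# Added example: report who can read BEWARD.INTERCOM.FDB at the two locations
# named in the advisory. Read-only; run elevated so all profiles are visible.
$dbName = 'BEWARD.INTERCOM.FDB'

# Location for versions 2.2.11 and above (from the advisory).
$candidates = @("C:\ProgramData\BEWARD\BEWARD Intercom\DB\$dbName")

# Location for versions prior to 2.2.11: one possible copy per user profile.
# Assumption: user profiles live under C:\Users.
$candidates += @(Get-ChildItem -LiteralPath 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName "AppData\Local\Beward R&D Co., Ltd\BEWARD Intercom\DB\$dbName" })

# Principals expected to have access (assumption: adjust to local policy).
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Bit that allows reading the file contents.
$readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $acl = Get-Acl -LiteralPath $path
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        $grantsRead = ($ace.AccessControlType -eq 'Allow') -and
                      (([int]$ace.FileSystemRights -band $readMask) -ne 0)
        # The file owner is skipped to cut noise; every other reader is reported.
        if ($grantsRead -and ($expected -notcontains $who) -and ($who -ne $acl.Owner)) {
            [pscustomobject]@{
                Path      = $path
                Principal = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No unexpected read access found (or the database file is not present).'
}
```

Any row naming a broad group such as BUILTIN\Users on the ProgramData copy means every local account on that host can read the stored credentials.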

Added: Dec 24, 2025, 8:53 PM
Updated: Dec 24, 2025, 9:54 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 1.6
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.