Philips IntelliSpace Portal and Advanced Visualization Workspace Hardcoded Credentials Vulnerability

Vulnerability

A vulnerability exists in Philips IntelliSpace Portal versions 12 and prior, as well as Advanced Visualization Workspace version 15, due to a lack of protection against reverse engineering. The application binaries are not obfuscated and lack measures to prevent decompilation, disassembly, or debugging. This absence of safeguards allows attackers to reverse-engineer the application, potentially uncovering sensitive information, business logic flaws, and other vulnerabilities. Exploiting this weakness, an attacker identified hardcoded credentials in the 'PortalUsersDatabase.dll', which includes .NET remoting definitions. Within the 'PortalUsersDatabase' namespace, the 'Users' class features 'CreateAdmin' and 'CreateService' functions, designed to initialize accounts in the Portal service. Both functions contain hardcoded encrypted passwords, along with their respective salts, set using the 'SetInitialPasswordAndSalt' function.
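The weakness described above, shown as an added C# example beside a hardened form; this is not code from the affected products, and the hardened variant is a general mitigation pattern rather than the vendor's fix. The `Account` and `Provisioning` types, all method names, the placeholder values and the PBKDF2 parameters are assumptions made for illustration (requires .NET 6 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical account record for this example (not the product's type).
public sealed class Account
{
    public string Name = "";
    public byte[] Salt = Array.Empty<byte>();
    public byte[] PasswordHash = Array.Empty<byte>();
    public bool MustChangePassword;
}

public static class Provisioning
{
    const int Iterations = 600_000, SaltBytes = 16, HashBytes = 32;

    // Weak pattern: the secret and salt are literals compiled into the
    // assembly, so they are identical on every install and visible to
    // anyone who decompiles it. Values below are constructed placeholders.
    public static Account CreateAdminHardcoded() => new Account
    {
        Name = "admin",
        Salt = Encoding.ASCII.GetBytes("PLACEHOLDER-SALT"),
        PasswordHash = Encoding.ASCII.GetBytes("PLACEHOLDER-SECRET"),
    };

    // Hardened pattern: a random one-time password and salt are generated
    // per install; only the PBKDF2 hash is stored and rotation is forced.
    public static (Account Admin, string OneTimePassword) CreateAdminProvisioned()
    {
        string otp = Convert.ToBase64String(RandomNumberGenerator.GetBytes(18));
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(otp, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return (new Account { Name = "admin", Salt = salt, PasswordHash = hash, MustChangePassword = true }, otp);
    }

    // Constant-time comparison of the recomputed hash with the stored one.
    public static bool Verify(Account a, string password) =>
        CryptographicOperations.FixedTimeEquals(
            Rfc2898DeriveBytes.Pbkdf2(password, a.Salt, Iterations, HashAlgorithmName.SHA256, HashBytes),
            a.PasswordHash);

    public static void Main()
    {
        var (first, otp1) = CreateAdminProvisioned();
        var (second, _) = CreateAdminProvisioned();
        Console.WriteLine(Verify(first, otp1));   // checked against the install that issued it
        Console.WriteLine(Verify(second, otp1));  // checked against a different install
    }
}
```

With per-install generation, decompiling the assembly yields no credential, and a password recovered from one deployment does not carry over to another.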

Impact

The vulnerability allows for the extraction of hardcoded credentials, which could be used to gain unauthorized access or privileges within the affected applications.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 5.0
exploitability: 7.0
remediation: 6.0
relevance: 0.0
threat: 0.0
urgency: 1.4
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.