SICK Field Analytics and Media Server Weak Password Hash Vulnerability Allowing FTP Account Access

Vulnerability

A vulnerability exists in SICK Field Analytics and SICK Media Server due to the use of a weak password hashing algorithm. This flaw enables attackers to crack password hashes and gain unauthorized access to FTP user accounts. The vulnerability is present in all versions of SICK Media Server prior to 1.5, as well as in SICK Field Analytics. The issue arises from inadequate cryptographic practices, leaving password hashes susceptible to exploitation.

Impact

Successful exploitation of this vulnerability allows attackers to gain access to FTP user accounts by cracking weak password hashes.

Remediation

Users are strongly advised to upgrade to the latest version of SICK Media Server (version 1.5 or later). For SICK Field Analytics, it is recommended to follow general security practices when operating the product, such as minimizing network exposure and restricting access to trusted entities.

Added: Jun 12, 2025, 3:29 PM
Updated: Jun 12, 2025, 4:12 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.