IDC SFX2100 Satellite Receiver Hardcoded Insecure Credentials in World-Readable Configuration Files

A vulnerability exists in the IDC SFX2100 Satellite Receiver firmware, which is used by organizations such as the US Department of Defense and the European Space Agency. The issue arises from multiple daemon configuration files for routing components, including zebra, bgpd, ospfd, and ripd, which are owned by root but world-readable. These configuration files contain hardcoded or otherwise insecure plaintext passwords, including 'enable' credentials. A remote actor could exploit the reuse of these credentials to access other systems on the network, gain a foothold on the satellite receiver, or potentially escalate privileges locally.

Impact

The vulnerability allows for unauthorized access to the satellite receiver and other systems on the network using the hardcoded credentials. Additionally, it could lead to local privilege escalation on the affected device.

Reproduction

The vulnerability can be reproduced by accessing the world-readable configuration files for the routing daemons. The 'bgpd.conf' file, for example, can be read to obtain the hardcoded passwords. This can be done by simply navigating to the '/etc' directory and using standard file reading commands to access the configuration files.