RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks #3322

Open
rvd-bot opened this issue Jul 15, 2020 · 0 comments

rvd-bot commented Jul 15, 2020

id: 3322
title: 'RVD#3322: Weak authentication implementation make the system vulnerable to
  a brute-force attack over adjacent networks'
type: vulnerability
description: The authentication implementation on the xArm controller has very low
  entropy, making it vulnerable to a brute-force attack. There is no mechanism in
  place to mitigate or lockout automated attempts to gain access.
cwe: CWE-307
cve: CVE-2020-10285
keywords:
- xArm5 Lite, xArm6, xArm7, authentication
system: xArm5 Lite v1.5.0 and before, xArm6, xArm7
vendor: uFactory
severity:
  rvss-score: 8.3
  rvss-vector: RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/S:U/Y:Z/C:H/I:L/A:H/H:U
  severity-description: high
  cvss-score: 8.3
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
links:
- https://cwe.mitre.org/data/definitions/307.html
- https://github.com/aliasrobotics/RVD/issues/3322
flaw:
  phase: runtime-operation
  specificity: general-issue
  architectural-location: application-specific
  application: Gentoo Linux
  subsystem: SSH
  package: N/A
  languages: N/A
  date-detected: 2020-06-18
  detected-by: Alfonso Glera (Alias Robotics)
  detected-by-method: testing-dynamic alutiry:robo_xarm
  date-reported: '2020-07-15'
  reported-by: "Victor Mayoral Vilches (Alias Robotics)"
  reported-by-relationship: null
  issue: https://github.com/aliasrobotics/RVD/issues/3322
  reproducibility: always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null

rvd-bot changed the title from "Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks" to "RVD#3322: Weak authentication implementation make the system vulnerable to a brute-force attack over adjacent networks" on Jul 15, 2020

vmayoral added the "components hardware" label (Vulnerabilities in hardware robot components, e.g. a LIDAR) on Jul 15, 2020