Friday, November 20, 2020

Barco wePresent Hardcoded API Credentials

Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19.
Barco wePresent Hardcoded API Credentials
 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated