Today the DHS ICS-CERT published an advisory for i-GEN
Solutions’ opLYNX Central application. The Advisory is based upon an
authentication bypass vulnerability reported in a coordinated disclosure by Anthony
Cicalla.

ICS-CERT reports that the vulnerability would allow a
relatively unskilled attacker to remotely bypass authentication on the system
by using publicly available tools to disable JavaScript. The researcher has
tested a new version of opLYNX and reports that it resolves the
vulnerability.

Following an apparently common recent trend, i-GEN Solutions
automatically installs the new version during logon and automatically applies
it to the local system. It is nice to know that vendors have so thoroughly tested
the revised version of the software that they know that it will properly work
in all implementations of the system.

Interesting question: If i-GEN Solutions can change the base
program remotely, apparently without notification or permission, could an attacker
infiltrate their enterprise system and make a mass change that would corrupt all
user systems?