Title: Beck IPC GmbH IPC@CHIP TelnetD Account Enumeration Vulnerability
Severity: CRITICAL
Description:
The IPC@Chip is a single-chip embedded webserver from Beck GmbH.
The device's inbuilt telnetd service may allow a remote user to confirm names of valid telnet accounts.
Each time a remote user attempts to connect to the telnet service, one of two prompts is issued following the user-supplied login id. If the given account exists, the user will be prompted with "Password:". If the user has supplied an invalid telnet account name, the system will respond with "User unknown."
In combination with brute-force password techniques, to which this device is reportedly vulnerable, this can permit a remote attacker to compromise arbitrary accounts on the system. Properly exploited, this can lead to a compromise of the device's normal operation.
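The prompt difference described above, next to a login flow that does not reveal account validity, as an added example that is not Beck's firmware code. The account table, function names, and the "Login ok" / "Login incorrect" messages are assumptions made for illustration, and a real device should store password hashes rather than plaintext.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample accounts; names and passwords are placeholders. */
struct account { const char *user; const char *pass; };
static const struct account ACCOUNTS[] = { {"tel", "example-pass-1"}, {"svc", "example-pass-2"} };
#define N_ACCOUNTS (sizeof ACCOUNTS / sizeof ACCOUNTS[0])

static const struct account *find_account(const char *user) {
    for (size_t i = 0; i < N_ACCOUNTS; i++)
        if (strcmp(ACCOUNTS[i].user, user) == 0) return &ACCOUNTS[i];
    return NULL;
}

/* Behaviour the advisory describes: the reply after the login id reveals validity. */
const char *prompt_after_login_id_vulnerable(const char *user) {
    return find_account(user) ? "Password:" : "User unknown.";
}

/* Hardened: every login id gets the same prompt. */
const char *prompt_after_login_id_hardened(const char *user) {
    (void)user;
    return "Password:";
}

/* Compare without stopping at the first mismatch; a length difference is a mismatch. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la; i++)
        diff |= (unsigned char)(a[i] ^ b[lb ? i % lb : 0]);
    return diff == 0;
}

/* Hardened check: unknown users are compared against a dummy secret so both
   paths do a comparison, and every failure returns the same message. */
const char *login_result_hardened(const char *user, const char *pass) {
    static const char DUMMY[] = "dummy-secret-never-valid";
    const struct account *acct = find_account(user);
    int match = ct_equal(pass, acct ? acct->pass : DUMMY);
    return (acct != NULL && match) ? "Login ok" : "Login incorrect";
}

int main(void) {
    printf("vulnerable: %s / %s\n", prompt_after_login_id_vulnerable("tel"), prompt_after_login_id_vulnerable("nobody"));
    printf("hardened:   %s / %s\n", prompt_after_login_id_hardened("tel"), prompt_after_login_id_hardened("nobody"));
    return 0;
}
```

Uniform responses remove the enumeration signal only; the brute-force exposure the advisory mentions additionally calls for attempt limiting or lockout on the service.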
Affected Products:
- Beck IPC GmbH IPC@CHIP Embedded-Webserver