Title: Webgate WebEye Information Disclosure Vulnerability
Severity: HIGH
Description:
Webgate WebEye is a webcam server software that allows users to monitor cameras remotely through a web browser.
A vulnerability has been reported to exist in the software that may allow an attacker to harvest usernames and passwords. The issue presents itself due to a flaw in the '/admin/wg_user-info.ml' script that fails to verify user credentials before returning sensitive information. It has been reported that if 'USER_ID' cookie value is set to 0, an attacker can gain access to sensitive data such as usernames and passwords.
Successful exploitation of this issue may allow an attacker to harvest sensitive information that could be used to mount further attacks against a system.
Affected Products:
- Webgate WebEye 0.0.0B101
- Webgate WebEye 0.0.0B106
- Webgate WebEye 0.0.0E10
- Webgate WebEye 0.0.0E104
- Webgate WebEye 0.0.0E20
- Webgate WebEye 0.0.0SPD
References:
- Webgate: WebEye Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
