CVE-2019-15294 : Exploit Details and Defense Strategies

Discover the impact of CVE-2019-15294, a vulnerability in Gallagher Command Centre versions prior to 8.10.1092(MR2) that exposes Windows credentials in plain text during upgrades.

A problem has been identified in version 8.10 of Gallagher Command Centre, specifically prior to version 8.10.1092(MR2). When performing an upgrade, if a custom service account is being utilized and the visitor management service is also installed, the Windows username and password associated with this service are recorded in plain text within the Command_centre.log file.

Understanding CVE-2019-15294

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.

What is CVE-2019-15294?

This CVE identifies a vulnerability in Gallagher Command Centre versions prior to 8.10.1092(MR2) that exposes the Windows username and password in plain text during the upgrade process.

The Impact of CVE-2019-15294

The vulnerability allows sensitive information, such as Windows credentials, to be stored in plain text, posing a significant security risk. Attackers could potentially access and misuse this information for unauthorized access.

Technical Details of CVE-2019-15294

Gallagher Command Centre version 8.10 before 8.10.1092(MR2) is affected by this vulnerability.

Vulnerability Description

During an upgrade process, if a custom service account is used along with the visitor management service, Windows credentials are stored in plain text in the Command_centre.log file.

Affected Systems and Versions

        Systems running Gallagher Command Centre version 8.10 prior to version 8.10.1092(MR2).

Exploitation Mechanism

        An attacker with access to the Command_centre.log file could extract the plain text Windows username and password, potentially leading to unauthorized system access.

Mitigation and Prevention

It is crucial to take immediate steps to address and prevent exploitation of this vulnerability.

Immediate Steps to Take

        Upgrade to version 8.10.1092(MR2) or later, which includes a fix for this issue.
        Regularly monitor the Command_centre.log file for any unauthorized access.
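
An added example (not from Gallagher or the original page) for triaging a server that was upgraded on an affected build: it reports which lines of Command_centre.log mention the custom service account and which principals hold read access to the file. `$LogPath` and `$ServiceAccount` are placeholders the administrator supplies; no log line format is assumed.

```powershell
# Added example, not vendor code. $LogPath and $ServiceAccount are placeholders
# supplied by the administrator; the advisory gives neither the log location
# nor the format of the affected log lines.
param(
    [Parameter(Mandatory)] [string] $LogPath,         # full path to Command_centre.log
    [Parameter(Mandatory)] [string] $ServiceAccount   # account name only, without domain
)

if (-not (Test-Path -LiteralPath $LogPath -PathType Leaf)) {
    throw "Log file not found: $LogPath"
}

# 1. Locate lines that mention the service account. Only line numbers are
#    collected, so this script never copies the logged password into its output.
#    A literal match on the bare name covers DOMAIN\name and name@domain forms.
$hits = Select-String -LiteralPath $LogPath -Pattern $ServiceAccount -SimpleMatch
$lineNumbers = @($hits | ForEach-Object { $_.LineNumber })

# 2. List principals with an Allow entry that includes ReadData on the file.
#    This reads the ACL as written; it does not resolve group membership or
#    Deny entries, so treat it as a starting list, not effective access.
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$readers = @((Get-Acl -LiteralPath $LogPath).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $readData) -ne 0
    } |
    ForEach-Object { $_.IdentityReference.Value } |
    Sort-Object -Unique)

[pscustomobject]@{
    LogPath            = $LogPath
    LinesWithAccount   = $lineNumbers
    PrincipalsWithRead = $readers
}

if ($lineNumbers.Count -gt 0) {
    Write-Warning ("{0} line(s) mention '{1}'. Review them and treat the account password as exposed." -f $lineNumbers.Count, $ServiceAccount)
}
```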

Long-Term Security Practices

        Implement strong password policies and avoid storing sensitive information in plain text.
        Conduct regular security audits and penetration testing to identify and address vulnerabilities.

Patching and Updates

        Apply security patches and updates provided by Gallagher Security to ensure the latest fixes are in place.
