zoneminder frontdoor exploit found

Support and queries relating to all previous versions of ZoneMinder
Locked
reza
Posts: 21
Joined: Sat Jan 15, 2005 7:58 pm

zoneminder frontdoor exploit found

Post by reza »

I've managed to find a security hole that will give you admin access in zoneminder without a need for a password. I've emailed the zoneminder user and gave him the details, and hope the fix gets out in the next release. I'm hessitant to give any details publicly till a patch is made to fix the hole. I'm posting here in case there is soneone else I should email. I couldn't find the author's email address on the website.

Reza
Top
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

Thank you reza,
I'll email Phil and make sure he gets the info. I'll PM you with an email address to send the information. the next release is scheduled to come out in a day or two.
Cordel
Top
User avatar
cordel
Posts: 5210
Joined: Fri Mar 05, 2004 4:47 pm
Location: /USA/Washington/Seattle

Post by cordel »

Info Forwarded
Thankyou,
Cordel
Top
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:
Contact zoneminder

Post by zoneminder »

This problem has now been addressed.

Thanks for letting me kow.

Phil
Top
Locked

Return to “ZoneMinder Previous Versions”