Yoosee camera has a large number of weak password vulnerabilities
A rough detection of a vulnerability, do not do a deep study of the vulnerability The computer program through data. db database writes can be batch import id and weak password, such as 123, after injection, open your program all connected batch scanning weak password camera intrusion, serious threat to user privacy Mobile app has an eye for the program can also manually enter the id plus password 123 to manually scan the intrusion customer camera threat user privacy.
Suggested solutions:
1. remind the user to change the weak password
2. computer CMS encrypts data. db to prevent bulk injection
3. the mobile version of app is improved, the verification code needs to be entered when connecting the equipment, the same user logs in different accounts in a short time and the password input error, and the title processing
4. the camera assigns complex passwords randomly as far as possible, and does not unify the factory password 5. after the program is updated, abandon the old program, make the old program can not use, prevent hackers continue to use the old version of the program to crack .
The camera design privacy has no trivial matter, hope your company as soon as possible the harmonious loophole, protects the customer privacy, hoped that your company to see this information, can give me the mailbox sends a mail to reply.
A rough detection of a vulnerability, do not do a deep study of the vulnerability The computer program through data. db database writes can be batch import id and weak password, such as 123, after injection, open your program all connected batch scanning weak password camera intrusion, serious threat to user privacy Mobile app has an eye for the program can also manually enter the id plus password 123 to manually scan the intrusion customer camera threat user privacy.
Suggested solutions:
1. remind the user to change the weak password
2. computer CMS encrypts data. db to prevent bulk injection
3. the mobile version of app is improved, the verification code needs to be entered when connecting the equipment, the same user logs in different accounts in a short time and the password input error, and the title processing
4. the camera assigns complex passwords randomly as far as possible, and does not unify the factory password 5. after the program is updated, abandon the old program, make the old program can not use, prevent hackers continue to use the old version of the program to crack .
The camera design privacy has no trivial matter, hope your company as soon as possible the harmonious loophole, protects the customer privacy, hoped that your company to see this information, can give me the mailbox sends a mail to reply.
Last edited: