The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an if(pwd == line in the HTML source code. This means, in effect, that authentication occurs only on the client side.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sentry_vision | Tnlsoftsolutions | 3.0 (including) | 3.0 (including) |
Sentry_vision | Tnlsoftsolutions | 3.1 (including) | 3.1 (including) |
Sentry_vision | Tnlsoftsolutions | 3.2 (including) | 3.2 (including) |