Author Topic: Poor security design?  (Read 1428 times)

Offline jdfoxmicro

  • Contributer
  • *
  • Posts: 25
  • Country: us
  • Karma: +0/-0
    • View Profile
    • J.D. Fox Micro
Poor security design?
« on: January 13, 2018, 11:19:15 PM »
Hello,

If you have a user in MCD/MiVoice that's not the root but is assigned "system" permissions, you can do almost anything in the system.  But, if you try to edit the properties or change the password for the root user, the interface won't allow it.  Also, the root user is the only account that can do certain things, such as customizing what forms other users are able to access. A user with "system" permissions can't.

Anyway, I found out that a user with system permissions can reset the root user's password, simply with a command entered in the Maintenance Commands. And I can confirm it works, even in the latest version of MiVoice software.

Of course, Mitel doesn't publicize this method. But, it's not something you can be sure no one knows. In other words, even though it seems a user with system permissions, per the documentation and interface messages, is not supposed to be able to do certain things the root user can, if that user knows the command to reset the root user's password, then the elevated privileges of the root account are not secured from users with only system permissions.

Thoughts, anyone?



Offline sarond

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1404
  • Country: au
  • Karma: +73/-0
    • View Profile
Re: Poor security design?
« Reply #1 on: January 14, 2018, 02:10:45 AM »
You will probably find any user with access to the maintenance commands might be able to do this. Not just system user profiles.

Agree this is something that Mitel may need to address.

Offline sunspark

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 986
  • Country: mx
  • Karma: +16/-1
    • View Profile
Re: Poor security design?
« Reply #2 on: January 14, 2018, 04:33:33 AM »
And what is rhe collnd to try it please.

Reset....?

Offline sunspark

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 986
  • Country: mx
  • Karma: +16/-1
    • View Profile
Re: Poor security design?
« Reply #3 on: January 14, 2018, 04:25:25 PM »
And what is the command to try it please.

Reset....?

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4099
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Poor security design?
« Reply #4 on: January 14, 2018, 08:19:24 PM »
And what is the command to try it please.

Reset....?
It is clearly in the help, and will autocomplete...

RESET_ALL_LOGIN_PASSWORDS

or

RESET_LOGIN_PASSWORD <username>

This can also be done from the RTC shell with: ResetAllLoginPasswords or ResetLoginPassword "username"

And yes, you can clear user "system" from another account.

And this is both a blessing and a curse, but it is clearly a security hole.

Offline sarond

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1404
  • Country: au
  • Karma: +73/-0
    • View Profile
Re: Poor security design?
« Reply #5 on: January 14, 2018, 10:45:26 PM »
I think it should always be allowed when on site using the RS232 port.

I know other systems like this where you can't reset the password remotely but you can when on site.
This would stop most malicious incidents. 

Offline sunspark

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 986
  • Country: mx
  • Karma: +16/-1
    • View Profile
Re: Poor security design?
« Reply #6 on: January 15, 2018, 06:16:16 AM »
And what is the command to try it please.

Reset....?
It is clearly in the help, and will autocomplete...

RESET_ALL_LOGIN_PASSWORDS

or

RESET_LOGIN_PASSWORD <username>

This can also be done from the RTC shell with: ResetAllLoginPasswords or ResetLoginPassword "username"

And yes, you can clear user "system" from another account.

And this is both a blessing and a curse, but it is clearly a security hole.


Ok , we talk about the same command.


 

Sitemap 1 2 3 4 5 6 7 8 9 10