"An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record," reports Bleeping Computer. "The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month, [affecting TBK DVR systems]. Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of 'Cookie: uid=admin,' the DVR would respond with the device's admin credentials in cleartext."
Link
Powerful tool? It is just sending a cookie. What a security screw up.Link
