CVE-2022-45546

About the Application

ScreenCheck BadgeMaker is a suite of applications that allow clients to design, create and operate identity badges. The suite consists of:

  • BadgeMaker Identity. Application used to authenticate into the Share Server database and manage information inside.

  • BadgeMaker Design. Responsible for designing and creating badges.

  • BadgeMaker Share Server. Database server responsible for holding all of the information stored in badges.

About the Finding

BadgeMaker v2.6.2.0 and below transmit traffic over the network unencrypted, in plain text. This design choice creates an opportunity for internal personnel to sniff the traffic, obtaining the credentials used to authenticate to the Share Server and viewing the information exchanged between the Share Server database and the Identity client.

PoC || GTFO

Because the vulnerability is so simple, not much is required besides basic knowledge of Wireshark. The examples below show how the traffic looks when attempting to authenticate with incorrect credentials and with correct credentials.

Some of the information has been redacted for obvious reasons.

Incorrect Credentials

Correct Credentials

Conclusion

There is no reason to have unencrypted plain-text traffic flowing freely in the network, especially when it carries credentials and sensitive information. Implementing encryption is a necessity. Until that security feature is implemented, isolate the Share Server database and Identity clients from the rest of the network to mitigate the information disclosure vulnerability.
