CVE-2026-25818

HMS Networks · Ewon Flexy and Cosy+

HMS Networks Ewon Flexy and Cosy+ devices suffer from weak entropy in authentication cookies, enabling attackers to brute-force encryption parameters and recover user passwords.

Executive summary

Weak cryptographic entropy in HMS Networks gateways allows attackers with a captured session cookie to crack user passwords, leading to unauthorized administrative access.

Vulnerability

The firmware uses insufficient entropy when generating authentication cookies. An attacker who intercepts or steals a valid session cookie can perform an offline brute-force attack against the encryption parameters and recover the plaintext user password.

Business impact

The compromise of administrative passwords on industrial gateways grants attackers full control over the device and the traffic it manages. With a CVSS score of 9.1, this vulnerability represents a high risk to the confidentiality of credentials. Once a password is recovered, the attacker can maintain persistent access and potentially manipulate industrial processes.

Remediation

Immediate Action: Update device firmware to the latest versions (15.0s4, 22.1s6, or 23.0s3) to implement stronger entropy for session management.

Proactive Monitoring: Monitor for multiple failed login attempts or unusual administrative activity that might indicate the use of compromised credentials.

Compensating Controls: Enforce the use of HTTPS for all management sessions to prevent cookie interception and implement multi-factor authentication where supported.
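To act on the firmware update above across a fleet, the following added example (not part of the original advisory or any HMS Networks tooling) classifies an inventory of devices by firmware version. It assumes version strings of the form `<major>.<minor>s<service>`, and that each fixed release listed above is the fix for its own major firmware line; the host names and sample inventory are constructed.

```python
import re

# Fixed releases named in the advisory. Assumption: each one is the fix for
# its own major firmware line (15.x, 22.x, 23.x), and later releases on the
# same line keep the fix.
FIXED = {15: (15, 0, 4), 22: (22, 1, 6), 23: (23, 0, 3)}

_VERSION = re.compile(r"^\s*(\d+)\.(\d+)s(\d+)\s*$")


def parse_version(text):
    """Parse '<major>.<minor>s<service>' into a tuple of ints, or None if malformed."""
    m = _VERSION.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Return 'patched', 'update', 'review' or 'unparsed' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"          # inventory data needs fixing before it can be judged
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "review"            # major line not named in the advisory: check by hand
    return "patched" if v >= fixed else "update"


def audit(inventory):
    """Group host names by classification."""
    report = {"update": [], "review": [], "unparsed": [], "patched": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = [
    ("flexy-line1", "15.0s3"), ("flexy-line2", "15.0s4"),
    ("cosy-a", "22.1s5"), ("cosy-b", "23.0s3"), ("cosy-c", "22.0s9"),
    ("flexy-old", "14.9s2"), ("cosy-x", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Devices reported as `review` or `unparsed` are not known to be safe; treat them as unpatched until checked against the vendor's release notes.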

Exploitation status

Public Exploit Available: false

Analyst recommendation

The recovery of plaintext passwords through session analysis is a critical security failure. Administrators must update HMS Networks firmware immediately. After updating, it is strongly recommended that all administrative passwords be changed, as they may have been previously compromised without detection.