CVE-2019-3909

9.8 CRITICAL

📋 TL;DR

Premisys Identicard version 3.1.190 uses hardcoded default database credentials that cannot be changed by users, requiring vendor intervention. This allows attackers to gain unauthorized access to the database, potentially compromising sensitive access control data. All systems running this specific version are affected.

💻 Affected Systems

Products:
  • Premisys Identicard
Versions: 3.1.190
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration with hardcoded credentials that users cannot change.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the access control system database, allowing attackers to modify user permissions, disable security controls, or exfiltrate sensitive personnel data.

🟠 Likely Case

Unauthorized access to the database leading to data theft, privilege escalation, or manipulation of access control records.

🟢 If Mitigated

Limited impact if database is isolated behind network segmentation and access controls, though credentials remain exposed.

🌐 Internet-Facing: HIGH - If the database is exposed to the internet, attackers can easily exploit default credentials.
🏢 Internal Only: HIGH - Even internally, default credentials pose significant risk from insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the default credentials, which are documented in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact vendor for updated version

Vendor Advisory: https://www.tenable.com/security/research/tra-2019-01

Restart Required: Yes

Instructions:

1. Contact Premisys Identicard vendor for updated version.
2. Install vendor-provided update.
3. Restart the application and database services.
4. Verify new credentials are in place and functional.

🔧 Temporary Workarounds

Network Isolation

all

Restrict database access to only necessary systems using firewall rules

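# Windows Firewall (PowerShell). Blocks every remote host on TCP 1433, so it fits only when the application and database share a host:
New-NetFirewallRule -DisplayName "Block Identicard DB" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Block
# Linux iptables. Appends a DROP for TCP 1433; ACCEPT rules for required hosts must come earlier in the INPUT chain:
iptables -A INPUT -p tcp --dport 1433 -j DROP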

Database Credential Rotation via Vendor

all

Contact vendor to change database credentials

🧯 If You Can't Patch

  • Isolate the database server on a dedicated VLAN with strict access controls
  • Implement network monitoring and alerting for unauthorized database access attempts

🔍 How to Verify

Check if Vulnerable:

Check if Premisys Identicard version is 3.1.190 and attempt to authenticate to the database using default credentials documented in security advisories.

Check Version:

Check application version in the Premisys Identicard administration interface or installation directory.

Verify Fix Applied:

Verify with vendor that updated version has been installed and test that default credentials no longer work for database authentication.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful authentication with default credentials
  • Unusual database queries from unexpected source IPs

Network Indicators:

  • Database connection attempts on default ports (typically 1433 for SQL Server) from unauthorized sources

SIEM Query:

source="database_logs" AND ((event_type="authentication_success" AND user="default_user") OR (destination_port=1433 AND source_ip NOT IN [authorized_ips]))
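
The log and network indicators above, written out as detection logic over constructed events. This is an added example, not vendor or advisory code. The field names mirror the SIEM query, and `DEFAULT_USER`, `AUTHORIZED` and `WINDOW_SECONDS` are placeholder assumptions to replace with site values.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the advisory): event fields follow the SIEM query above;
# the values below are placeholders, not the product's real account or network.
DEFAULT_USER = "default_user"
AUTHORIZED = [ipaddress.ip_network("10.20.0.0/28")]  # application servers
DB_PORT = 1433
WINDOW_SECONDS = 300  # how long a failed login stays relevant

def is_authorized(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUTHORIZED)

def detect(events):
    """Return (timestamp, source_ip, reason) alerts, in time order."""
    alerts = []
    recent_failures = defaultdict(list)  # source_ip -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, ts, kind = ev["source_ip"], ev["ts"], ev["event_type"]
        if kind == "connection" and ev.get("destination_port") == DB_PORT:
            if not is_authorized(src):
                alerts.append((ts, src, "db_port_from_unauthorized_source"))
        elif kind == "authentication_failure":
            recent_failures[src].append(ts)
        elif kind == "authentication_success" and ev.get("user") == DEFAULT_USER:
            # Assumed: the application itself logs in with this account, so
            # the source address and preceding failures carry the signal.
            fails = [t for t in recent_failures[src] if ts - t <= WINDOW_SECONDS]
            if not is_authorized(src):
                alerts.append((ts, src, "default_account_login_unauthorized_source"))
            if fails:
                alerts.append((ts, src, "default_account_login_after_failures"))
            recent_failures[src].clear()
    return alerts

# Constructed sample events (epoch seconds); not taken from a real system.
SAMPLE_EVENTS = [
    {"ts": 1000, "event_type": "connection", "source_ip": "10.20.0.5", "destination_port": 1433},
    {"ts": 1001, "event_type": "authentication_success", "source_ip": "10.20.0.5", "user": "default_user"},
    {"ts": 2000, "event_type": "connection", "source_ip": "10.99.3.7", "destination_port": 1433},
    {"ts": 2001, "event_type": "authentication_failure", "source_ip": "10.99.3.7", "user": "report_user"},
    {"ts": 2030, "event_type": "authentication_success", "source_ip": "10.99.3.7", "user": "default_user"},
    {"ts": 3000, "event_type": "authentication_failure", "source_ip": "10.20.0.5", "user": "default_user"},
    {"ts": 9000, "event_type": "authentication_success", "source_ip": "10.20.0.5", "user": "default_user"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Logins by the default account from the allowlisted application server produce no alert here, which keeps the rule usable on systems where the credentials cannot yet be changed.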
