New research by Tenable has found serious vulnerabilities affecting PremiSys, a building access control system by US firm IDenticard that is used by tens of thousands of government agencies, schools, hospitals and companies around the world.
The various vulnerabilities include the presence of a hard-coded backdoor account that can allow attackers to create fake badges in order to enter buildings and restricted areas. PremiSys also fails to properly secure client login details and other sensitive information.
Read more: https://www.securityweek.com/unpatched-flaws-building-access-system-allow-hackers-create-fake-badges