Success!

Note

Error

Session expiration Your session is going to expireClick here to extend

Budget:

1,500 - 3,000

Posted on

11/25/13 4:26 PM

Buyer:

pow***

This project has expired

Why don't you register anyway? We are sure that you will find many similar projects out of the thousands waiting for you!

Post similar project now

Description

We require the analysis and program upgrade of an existing Web Based Remote Control Unit with integral software on an Armadillo A4200-U00Z card.

Problem includes the following:

A) The network settings can be accessed and edited without authentication via login. B) All the passwords and user names can be easily obtained as they are cached by the RCU within the web browser.  By accessing the cache every user name and password can be easily viewed allowing anyone access to the RCU at any level.

C) Section of connection with an expired time

D) Infinite try for login

 

Suggested/possible solution:

The user and password are saved in a text file not encrypted in file (inidata.ini), is possible to encrypt this values, so the value is already visible but with not meaning for the people that read it. For this feature need to modify the cgi file for login and for save user and password. The pages don’t check the user level on enter IT. Is possible to write the level in a global variable and every time that enter in a page check it. For this feature need to add a javascript code in every page and change a cgi file for login. The user can try infinite time for login, so with a “brutefoce” action will be possible found a password will be possible add a maximum number of try to go in, check it every time the page is loaded, and look for any minutes for wrong access. For this feature need to modify the cgi file in login page and add a variable for count log in actions.