CVE-2020-37228
Description
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
iDS6 DSSPro ≤6.2 CAPTCHA bypass allows retrieving valid codes via autoLoginVerifyCode endpoint, enabling brute-force attacks.
Vulnerability
The CAPTCHA authentication routine in iDS6 DSSPro Digital Signage System (versions V6.2 B2014.12.12.1220, V5.6 B2017.07.12.1757, and V4.3) contains a security bypass vulnerability. By requesting the autoLoginVerifyCode object via the /Pages/login!autoLoginVerifyCode endpoint, the server returns a JSON response containing a valid CAPTCHA code in the message field, bypassing the visual challenge [2][3].
Exploitation
An attacker with network access to the DSSPro web interface can send a GET request to /Pages/login!autoLoginVerifyCode to retrieve a CAPTCHA code. The attacker then uses that code in a POST request to /Pages/login!userValidate with the desired username and password, along with the retrieved code, to attempt authentication. No prior authentication or user interaction is required [2].
Impact
Successful exploitation removes the CAPTCHA safeguard, allowing attackers to perform automated brute-force attacks against user accounts. This can lead to unauthorized access to the Digital Signage System, potentially granting control over signage displays and network resources. The vulnerability is classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts) [3].
Mitigation
No vendor patch has been released for this vulnerability as of the available references. Users should implement network-level controls such as a web application firewall (WAF) to block or rate-limit requests to the /Pages/login!autoLoginVerifyCode endpoint. Alternatively, deploy additional authentication mechanisms (e.g., multi-factor authentication) to mitigate brute-force attacks. The system remains vulnerable without these workarounds [2][3].
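The rate-limiting workaround above can also be expressed as detection logic. The following is an added example (not code from the page, the vendor, or the cited references): a sliding-window detector that reads combined-format web server access logs and flags a source address that issues many POSTs to /Pages/login!userValidate within a short window, reporting alongside how many times that client fetched /Pages/login!autoLoginVerifyCode, since one code fetch per login attempt is the pattern the bypass produces. The log lines, IP addresses (TEST-NET ranges), timestamps, and response sizes are constructed; the log format is assumed to be Apache/nginx combined style.

```python
"""Flag brute-force login patterns against the DSSPro login endpoints from access logs.

Added example, not the project's own code. Log format assumed: combined access log.
Sample lines below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

VERIFY_CODE_PATH = "/Pages/login!autoLoginVerifyCode"  # endpoint named in the advisory
LOGIN_PATH = "/Pages/login!userValidate"               # endpoint named in the advisory

# Matches: <ip> - - [<timestamp>] "<method> <path> HTTP/x" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: 203.0.113.10 fetches a code before each of six login attempts;
# 198.51.100.7 performs one ordinary login (one code fetch, one POST).
SAMPLE_LOG = """\
203.0.113.10 - - [21/May/2026:10:00:00 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:01 +0000] "POST /Pages/login!userValidate HTTP/1.1" 200 311
198.51.100.7 - - [21/May/2026:10:00:02 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:03 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:04 +0000] "POST /Pages/login!userValidate HTTP/1.1" 200 311
203.0.113.10 - - [21/May/2026:10:00:06 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:07 +0000] "POST /Pages/login!userValidate HTTP/1.1" 200 311
198.51.100.7 - - [21/May/2026:10:00:08 +0000] "POST /Pages/login!userValidate HTTP/1.1" 302 0
203.0.113.10 - - [21/May/2026:10:00:09 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:10 +0000] "POST /Pages/login!userValidate HTTP/1.1" 200 311
203.0.113.10 - - [21/May/2026:10:00:12 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:13 +0000] "POST /Pages/login!userValidate HTTP/1.1" 200 311
203.0.113.10 - - [21/May/2026:10:00:15 +0000] "GET /Pages/login!autoLoginVerifyCode HTTP/1.1" 200 57
203.0.113.10 - - [21/May/2026:10:00:16 +0000] "POST /Pages/login!userValidate HTTP/1.1" 200 311
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop any query string
        "status": int(m.group("status")),
    }


def detect_bruteforce(lines, window_seconds=60, threshold=5):
    """Return one alert per source IP that reaches `threshold` login POSTs
    inside any `window_seconds` sliding window. Each alert also carries the
    number of CAPTCHA-code fetches seen from that IP up to that point."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent_posts = defaultdict(deque)   # ip -> timestamps of login POSTs in window
    code_fetches = defaultdict(int)     # ip -> count of autoLoginVerifyCode requests
    alerted, alerts = set(), []
    for e in events:
        if e["path"] == VERIFY_CODE_PATH:
            code_fetches[e["ip"]] += 1
            continue
        if e["path"] != LOGIN_PATH or e["method"] != "POST":
            continue
        q = recent_posts[e["ip"]]
        q.append(e["ts"])
        cutoff = e["ts"] - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:      # expire attempts older than the window
            q.popleft()
        if len(q) >= threshold and e["ip"] not in alerted:
            alerted.add(e["ip"])
            alerts.append({
                "ip": e["ip"],
                "attempts": len(q),
                "code_fetches": code_fetches[e["ip"]],
                "first": q[0].isoformat(),
                "last": e["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The same per-source sliding-window counter is what a WAF rate-limit rule on the two endpoints implements in-line; running it over historical logs instead tells an operator whether the bypass has already been used against the system. A client whose code-fetch count tracks its login-attempt count one-for-one is harvesting codes programmatically rather than solving a visual challenge.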
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =6.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (4)
News mentions
No linked articles in our index yet.