Security Notice - Statement on Insecure Cookie Handling Vulnerability in hik-connect.com
SN No: HSRC-201804-09
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2018-04-24
On April 23, 2018, HSRC (Hikvision Security Response Center) received the report of "Insecure Cookie Handling" vulnerability in "hik-connect.com" from Vangelis Stykas and George Lavdanis.
HSRC has immediately checked all cloud service platforms, confirming that only "hik-connect.com" was affected. All repairs have been completed by 2 p.m. on April 24.HSRC is not aware of any public or malicious use launch to attack through the vulnerability described in this advisory.
This vulnerability was reported to HSRC by Vangelis Stykas & George Lavdanis. HSRC would like to thank Vangelis Stykas & George Lavdanis for working with us and coordinating vulnerability disclosure to protect our customers.
For security problems about Hikvision products and solutions, please contact Hikvision Security Response Center at firstname.lastname@example.org.