News

Kiosk software vendor Uniguest addresses vulnerabilities, wins accolades from security services firm

July 17, 2019

Trustwave, a cybersecurity and managed security services provider, recently uncovered vulnerabilites in the Uniguest kiosk customer-facing software, which is used by the hospitality, senior living, specialty retail, education and corporate sectors. Trustwave commended Uniguest for promptly recognizing and responding to the issues.

Adrian Pruteanu, a security consultant, stated in a Trustwave blog that vulnerabilities were found in a legacy Uniguest unit that exposed credentials. The blog describes the initial vulnerabilities in detail. Uniguest responded to the issue by placing ucrew.uniguest.com, a website that contains tools that technicians use to deploy or manage a kiosk on location, behind an authentication portal.

Pruteanu said Uniguest was quick in its response to the issues, but after verifying the fixes, Pruteanu claimed to find more issues. Uniguest worked with Trustwave's advisory team during the first and subsequent findings, and was open to all findings, Pruteanu said. Pruteanu said Uniguest did not agree with Trustwave on one of the vulnerabilities.

Price Barnes, vice president of technology at Uniguest, told Kiosk Marketplace via email that the company has "fully remediated all potential attack vectors surfaced in their research." 

"Key take-aways of the full Trustwave report are that this is exclusive to our legacy SA7 platform and while Trustwave did find a potential weakness, we have no evidence of our CRM data being breached," Barnes said. "As the Trustwave article notes, our current platform, SA10, has been penetration tested by a third-party security partner and undergoes supplementary testing with each major release."