News

New security policy for the HIKVISION videosurveillance devices

picture
Share Tweet

Hikvision introduce new security policy in recent firmware versions of the DVR/ NVR recorders. The new policy is focused on the follow:

1. Upon initial entry, the user is asked to change the "admin" default password "12345" or if introduced another if the one already used is with low level of security. The new password must meet the following criteria:

  • Length of 8 to 16 characters. Minimum length of 8 characters.
  • The password must contain numbers, letters, capital letters or special characters, such as are required at least two types of them (such as lowercase letters and digits).
  • Changing the password is obligatory (can not remain the default password).
  • The requirement for a complex password can not be excluded!

2. After five consecutive attempts to login with the wrong password, the following happens:

  • When trying to remote login over the network: IP address of the device that attempts were made from locks for 30 minutes. During this time, it is possible to connect through another IP address with the same user. This setting can be seen after connection with a new version of iVMS4200 (version 2.3.1.3 or higher) in the menu "System" -> "Login security", where IP addresses can be "unlocked" or directly to prohibit this security level.
  • When trying to login locally on the DVR: User lock for 1 minute..

    Note: If you change the password of DVR and this recorder is registered at various remote locations (eg. computers running iVMS4200 or mobile telephones with iVMS4500) it is possible corresponding IP addresses to be blocked earlier, since the software is trying to connect with the old password which DVR report as invalid input attempt. I.e. it is required password to be replaced at all remote locations.

3. The new security policy is also reflected in the new version V.2.3.1.3 of iVMS-4200:

  • Change in the way your recording devices for video surveillance are registered in the HIKVISION software
  • All new devices with the latest firmware must be enabled by putting a password before they are added to the iVMS-4200
  • A new method for password recovery devices.
  • Optimized strategy to lock specific devices

More details of the new security policy can be learn here

Latest version of HIKVISION iVMS-4200 (v2.3.1.3) can be downloaded from her