Nx Witness <> Device password change behaviour
AnsweredHello all,
Can I please confirm the exact behaviour between Nx Withness and various brands of cameras when the password has been changed on the camera?
I've noticed that once a password is changed on a device, Nx Witness won't accept the new password via Camera Settings > Edit Credentials and keeps operating fine as is. I changed some passwords over a day ago, and the camera is still streaming.
The camera is currently recording/live.
I'm assuming if I reboot the camera it will prompt for the new password? and that this is a feature to not interrupt the streaming/recording?
Thanks!
-
Hi Elijah Lambert,
I tried to reproduce the following scenario.
- Add camera to VMS and record it and/or display the camera in a layout
- Login to camera web interface and change the credentials
Result: camera continues to stream as long as the RTSP stream is in PLAY mode and RTP packets are sent.
This is expected behavior, for the simple reason the camera won't ask for additional authorization, and we can't invoke that from the VMS side. It would cause interceptions in the stream if we would, since we need to TEARDOWN the RTSP stream first.
However, as soon as I reboot the server application or the camera, the device shows as unauthorized in the VMS, since the RTSP stream was disconnected and authorization is required again.
-
Ok, thanks for confirming Norman!
A second part to the question, once I update the credentials in Nx Witness the camera stays as Unauthorized. I've found that if I sit there entering the same password over and over again it will be successful after a while.
How long did it take for your test camera to accept the new credentials and steam in the layout again?
-
I've probably answered my question here, the time for the new credentials to work in Vx Witness depends on how old, the brand, and the software the device is running.
New devices from Hikvision update very quickly, whereas older Hikvision and Dahua cameras can take 5 minutes to never authorize again.
-
Hello Elijah Lambert,
I hope this message finds you well. In response to your question, I observed that for my test camera, the process took a few seconds, significantly less than a minute. If you use a tool like Wireshark, you'll notice a sequence of requests being sent and received, and the timing may vary depending on the brand. Cameras connected through Onvif tend to take a bit longer, but we're still talking about a matter of seconds.
Regarding older Hikvision and Dahua cameras, I suspect the delay might be linked to the historical use of hard-coded passwords. Updating these cameras to the latest firmware versions should address the hard-coded password issue. If newer firmware is unavailable, we'd be more than happy to investigate further and and check if we can find a solution. However, this would require remote access through port forwarding to the device so we can include it in our test environment.
-
Hi,
Let me just offer my 2 cents based on my experience with VIVOTEK, Hik and Dahua devices.
I suspect that if Nx tried to connect with the wrong password, the camera will block Nx's access to the camera for 5 minutes, because it probably tried the wrong password more than X ammount of times, and this might be why Elijah Lambert had to wait 5 minutes until it was successfull in making the connection.
Due to me being impatient when deploying a system, I constantly am rebooting the cameras when I suspect this is the case, and in many situation that confirms my suspicion that it was a soft block from the camera that was reset after rebooting it.
-
Hi Miguel Câmara,
The theory, you've shared, does indeed make sense. However, I'd like to highlight that in Nx, there is a mechanism in place to address this concern. The system limits the number of login attempts after a certain threshold, and this threshold varies depending on the brand, to avoid exceeding this limit.
-
I wasn't that mechanism was implemented and I think it's great that it exists, however, I have seen this behaviour multiple times... Maybe in those cases I (or our partner) inserted the wrong password and so Nx tried both the default password and my wrong password and that was enough to go over the limit of the mechanism.
However, in VIVOTEK, you might not take into account the onboard TrendMicro security package that will identify the attempt as a brute force and block the connection from Nx for a while, not sure how many minutes, it's not announced like in HIK or Dahua cameras.
Regardless, when you are 100% sure the password is correct, a camera reboot might just be what can avoid a frustration of ending up in the very common situation of "but everything is correctly setup but it still won't work" :)
-
Hi Miguel Câmara,
I'm not aware of the TrendMicro security package, however if it was intended to stop brute forcing, the number of login attempts within N time might be related.
I have one VIVOTEK camera available in my Testlab, so I'll check if I can break and analyze something.Thanks.
Please sign in to leave a comment.
Comments
8 comments