lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 15 Apr 2003 00:34:13 -0000
From: denote <denote@...email.com.au>
To: bugtraq@...urityfocus.com
Subject: nb1300 router - default settings expose password




_____________________________________________
Buqtraq post

Vendor: Netcomm Australia

www.netcomm.com.au

Netcomm, Vulnerability in FTP server

NB 1300 modem/router

Affected firmware: all known versions

______________________________________________

Description and Background:

The NB1300 has by default the ftp server (VxWorks (5.4.1)) exposed to the 
WAN interface. 
The default password is often not changed by the User.
User: admin Password: password
When connection is made to the ftp server the routers core system 
Files are exposed to the admin account. 
Perform a simple "get config.reg" and the username and password 
Of the account are given in clear text.

_______________________________________________

Impact:

1.
The username and password may be used to access the users 
Account details, collect their email, use the data available to them 
Etc... 
2. (untested) The system files of the VxWorks (5.4.1) OS may be modified 
or deleted 
to impact a denial of service, rendering device useless.

_______________________________________________

Fix: disable the ftp WAN access and/or change
Admin account details.

_______________________________________________

Recommendations:
Vendor to supply product with interface disabled by default 
_______________________________________________
Vendor:

Has been notified 04/03/2003 
No response received
_______________________________________________

denote@...email.com.au


Powered by blists - more mailing lists