lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 8 Jun 2004 13:41:11 +0200 (CEST)
From: Fernando Sanchez <fer@....fi.udc.es>
To: bugtraq@...urityfocus.com
Subject: U.S. Robotics Broadband Router 8003 admin password visible


Hello.
        US Robotics Broadband Router 8003 is a small home/SOHO router which
is configured using a HTML interface. This interface, as usual, asks for a
password in order to let you view or change configuration parameters. But
the password is checked first by a javascript function that just compares
two strings:

function submitF(F)
{
        var     loginflag,loginIP;
        var pwd;

        loginflag = 0;
        loginIP = "0.0.0.0";

        pwd = "thisistheadminpassword" ;

        if (loginflag == 1)
        {
                alert("Someone ( " + loginIP + " ) has logged in
as an administrator !");
                F.submit();
        }

        if ( F.PSW.value != pwd )
        {
                alert("Incorrect password!");
                F.submit();
        }
        F.submit();
}

And yes, pwd = "thisistheadminpassword" is actually showing the
administrator password. So anyone who can access the HTML administration
interface will be able to login and view or modify the device configuration.

This is true at least with firmware v1.04 08. The router firmware can be
upgraded but U.S. Robotics has not released any revision for the
8003 model yet.

I have contacted them and they have told me that the problem is not too
serious and that it can be solved by limiting the access to the router
interface to trusted people only. No mention to a firmware upgrade or
any other temporal workaround was made.

Kind regards,

Fernando Sanchez


Powered by blists - more mailing lists