lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 07 Aug 2006 23:49:36 +0000
From: "Ginsu Rabbit" <ginsurabbit@...mail.com>
To: valentinousn@...izon.net, bugtraq@...urityfocus.com
Subject: RE: linksys WRT54g authentication bypass

Miguel Valentin wrote:
>On my friends WRT54G router that I installed it always asks me for an ID 
>and
>password whenever I want to do anything even just checking the
>configuration. You must've been the unlucky one in a million who just
>happened to buy a "lemon".

You may want to reread the original advisory.  My router, just like your 
friend's, verifies for the user-id and password when I check the 
configuration.  The router does not verify the user-id and password when 
changing the configuration.

In order to test this, you'll need to hand-craft a web page or other tool to 
submit the change request to the router.

If you can verify one way or the other the behavior of your friend's router, 
please publish the router hardware and firmware version you tested.  You can 
read the hardware version off the bottom of your router.  The firmware 
version is visible when you log in to the router's web UI.

--
GR

_________________________________________________________________
Don’t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ