| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Jul 2016 11:00:51 GMT From: Info@...ermoon.cc To: bugtraq@...urityfocus.com Subject: Logic security flaw in TP-LINK - tplinklogin.net TP-LINK forgot to buy the domain www.tplinklogin.net which is beings used to configure many of the hardwares they have, like routers configuration. The domain is available to buy via escort service, so potential attacker can get it, it's all about money. There is unknown holder who have the domain right now, and has been confirmed to be out of the company. As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now. I've contacted the Chinese CERT, the US-CERT the Israeli CERT and the company. The logic behind using domain in the first time, instead of IP address is the main problem here, forgetting to buy the domain is the second mistake. While checking how many users are trying to use it, I've realized that's this is effecting plenty of people. My advice is to block the domain by the ISP. It seems that's some people understood that's the service is not good, and complained about it online, however I didn't saw a publication concern the security effect of the issue I hope this mistake won't happened again Amitay Dan CEO at Cybermoon for more info please follow www.cybermoon.cc www.amitaydan.com @popshark1
Powered by blists - more mailing lists