| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030415003413.14841.qmail@www.securityfocus.com> Date: 15 Apr 2003 00:34:13 -0000 From: denote <denote@...email.com.au> To: bugtraq@...urityfocus.com Subject: nb1300 router - default settings expose password _____________________________________________ Buqtraq post Vendor: Netcomm Australia www.netcomm.com.au Netcomm, Vulnerability in FTP server NB 1300 modem/router Affected firmware: all known versions ______________________________________________ Description and Background: The NB1300 has by default the ftp server (VxWorks (5.4.1)) exposed to the WAN interface. The default password is often not changed by the User. User: admin Password: password When connection is made to the ftp server the routers core system Files are exposed to the admin account. Perform a simple "get config.reg" and the username and password Of the account are given in clear text. _______________________________________________ Impact: 1. The username and password may be used to access the users Account details, collect their email, use the data available to them Etc... 2. (untested) The system files of the VxWorks (5.4.1) OS may be modified or deleted to impact a denial of service, rendering device useless. _______________________________________________ Fix: disable the ftp WAN access and/or change Admin account details. _______________________________________________ Recommendations: Vendor to supply product with interface disabled by default _______________________________________________ Vendor: Has been notified 04/03/2003 No response received _______________________________________________ denote@...email.com.au
Powered by blists - more mailing lists