lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2003715234448.885840@beddo>
Date: Tue, 15 Jul 2003 23:44:48 +0100
From: cw <security@...ei.co.uk>
To: <bugtraq@...urityfocus.com>
Subject: Re: Asus AAM6000EV ADSL Router Wide Open



Hi all,
I was looking into the info provided by Michael Renzmann where he said:

"The same data can be accessed by telnetting to the device and choosing
the menu-path "System Maintenance / User Maintenance / List User" (6/5/4)."

On the AAM6000EV, the "User Maintenance" option is not under System Maintenance and I haven't spotted it anywhere else (though I haven't searched in depth).

What I did notice was that after using the web vulnerability to get the router username and password, an attacker could then go on to get the username and password for the internet account that the router is configured to use, hence potentially giving access to email and other services.

Use the menu path "System Maintenance > View All Configuration" (6,1)

Scan through the output for the following section:

Module 'ppp':

Then look for the following line

1 welogin username password logintype

In the UK this can be very useful. People using BT ADSL will have a username that is username@...ain.tld, for example a Freeserve user would likely be username@...eserve.co.uk

So not only does this allow you to get router access, but further poor configuration allows you to get all the details you need to access the hosts internet account.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ