| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Aug 2003 23:00:42 +0200 (Westeuropäische Sommerzeit) From: "Alexander Müller" <alexander.mueller@...ctronic-security.de> To: <bugtraq@...urityfocus.com> Cc: <vuln@...unia.com>, <vuln-dev@...urityfocus.com> Subject: SMC7004VB sensitive information leak :: Advisory Vulnerable: SMC7004VB sensitive information leak Found: July 25th 2003 Vendor: SMC Vendor notified: August 15th 2003 Vendor response: Answered but is on vacation. Public release: August 31th 2003 Vulnerability: An incorrect configuration in the SMC7004VB router allows you to steal usernames and passes. You can also use the IP without spoofing. Some days ago, I scanned the IP of a teammember and LANguard detected an installed proxy. I tried to visit the homepage of this proxy... But there was none. I used the proxy and opened the page again. A saw a loginscript and tried some passes (username isn't required). I tested some passes but the proxy didn't block. Therefore I started a Bruteforceattack and after this I noticed, the proxy did not block after thousands of passes. I aborted this test. That was the proof that you can get the pass with a stupid working attack Alexander Müller Electronic Security www.EC-Security.com Thanks to: mo (Kryptocrew.de), Fabian Becker (Electronic Security)
Powered by blists - more mailing lists