| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040217230824.2079.qmail@www.securityfocus.com> Date: 17 Feb 2004 23:08:24 -0000 From: NN Poster <nnposter@...landnews.com> To: bugtraq@...urityfocus.com Subject: SNMP community string disclosure in Linksys WAP55AG Linksys WAP55AG does not properly secure SNMP community strings. In particular, it is possible to obtain all community strings, including read/write, by querying OID 1.3.6.1.4.1.3955.2.1.13.1.2. 1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public" 1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private" Verified on WAP55AG, firmware 1.07 Vendor notified 1/16/04 and 1/20/04, no response.
Powered by blists - more mailing lists