lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 07 Jun 2004 09:26:05 +0200
From: Hostmaster <hostmaster@...emedien.net>
To: bugtraq@...urityfocus.com
Subject: Re: Netgear WG602 Accesspoint vulnerability


Hi,

Jaco Swart wrote:

> In-Reply-To: <Pine.GSO.4.33.0406031903380.14119-100000@...mal.khamsin.ch>
> 
> I can confirm that this vulnerability still exists in the latest firmware upgrade(1.7.14) for the WG602.  They've simply gone and changed the username to superman and password to 21241036.

yes - this is right (though it took me a while to find out how to get 
this gzip compressed part out of the img).

Whats new in this image:
"[...] Fixed illegal user access the WEB configuration utility. [...]"

;-)

Would it be possible to change the firmware image by hand - e.g. usa a 
hex editor and set this username / password to sth else?

regards,

Harald

-- 
Team NeueMedien.Net / Hostmaster

Powered by blists - more mailing lists