lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 15 Oct 2004 14:15:43 +0200
From: "mccauley@....net" <mccauley@....net>
To: bugtraq@...urityfocus.com
Subject: Re: 3COM Wireless router (3CRADSL72) information disclosure




> The router gives you a web page with user name, password, primary and
> secondary DNS, default gateway, etc, if you access
> http://[routerIP]/app_sta.stm without athentification of any kind.
> 
> Router details:
>    Runtime Code Version	1.05 (Jan 27 2004 14:58:25)
>    Boot Code Version	V1.3d
>    Hardware Version	01A
>    ADSL Modem Code Version	13.9.38
> 
> The password given is the password that you use to connect to the
> internet, not to the router.

Information 
Runtime Code Version:   v1.00 (Dec 11 2003 22:19:05) 
Boot Code Version:   V2.25 

http://192.168.0.1/app_sta.stm  (Works, but no information leak...)

WAN Status: 1
WAN Type: 39
MAC Address: 00-00-00-00-00-00
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
Host Name:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ