Open Source and information security mailing list archives
 
Message-ID: <1132148496.21581.36.camel@whale.core.arhont.com>
Date: Wed, 16 Nov 2005 13:41:36 +0000
From: Andrei Mikhailovsky <mlists@...ont.com>
To: "S.A.B.R.O. Net Security" <sabronet@...y.rr.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Authentication vulnerability in Belkin wireless devices

This is very odd, as we've reproduced this vulnerability on about 5
different F5D7230-4 with firmware 4.05.3 and 4.03.3, as well as on a few
of the F5D7232-4 routers with the same firmware.

This can't be a network-specific setup issue, as we've tested this on
several unrelated networks from Linux and Windows operating systems
using Firefox and MS IE browsers.

Kind Regards,

On Wed, 2005-11-16 at 07:56 -0500, S.A.B.R.O. Net Security wrote:
> Hmmm... we were unable to reproduce this vulnerability with one of our
> Belkin Wifi F5D7230-4 with firmware version 4.05.03
> 
> Once the admin has authenticated any other attempts to access the device
> from any source (hardwire lan, wifi, remote) display the following result:
> 
> Duplicate Administrator
> This device is managed by xxx.xxx.x.x currently!!
> 

-- 
Andrei Mikhailovsky
Arhont Ltd - Information Security

Web: http://www.arhont.com
     http://www.wi-foo.com
Tel: +44 (0)870 4431337
Fax: +44 (0)117 9690141
PGP: Key ID - 0x2B3438DE
PGP: Server - keyserver.pgp.com
