lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f08ba9337985d03e0f62ee6d7d493b31@tomneaves.co.uk>
Date: Tue, 15 Sep 2009 22:49:21 +0100
From: Tom Neaves <tom@...neaves.co.uk>
To: Yossi Yakubov <yos20053@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio
 11a/b/g Poe Access Point

Hi Yossi,

Are you doing something funky with your IP address, e.g., NAT'ed/short DHCP
lease?  The reason I ask is because in 2008, Adrian Pastor stated
authentication in the 3Com Wireless 8760 was linked to the source IP
address [1].  It may well be the case (as you have discovered) that it
allows arbitrary IP addresses to access the config once an administrator
has authentication... However, I just wanted to hit this badboy up incase
there was some confusion.

Cheers,

Tom

[1] http://securityreason.com/wlb_show/WLB-2008110039

On Tue, 15 Sep 2009 22:27:31 +0300, Yossi Yakubov <yos20053@...il.com>
wrote:
> Hi
> My name is Yossi Yakubov and i am a security researcher. Recently me
> and my collegues found the following vulnerability in the 3Com
> Wireless8760 web administration interface:
> 
> If one user is authenticated to the web interface, other users can
> access to internal pages without further authentication. That means
> that  one opened Session  is enough  between the user and web
> administration , and other users can also access to the web
> administration interface.
> 
> Malicious user can wait until ones logins to the interface and then he
> can access and administer  3Com Wireless8760 Access Point without
> further authentication. Among different operations the malicious user
> can cause to Denial of Service (Dos) attack to the entire network by
> changing the configuration such as IP addresses.
> 
> FYI
> 
> Waiting for your review
> 
> Best Regards
> 
> Yossi Yakubov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ