lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 25 May 2011 08:31:16 -0000
From: supernothing@...reclockcycles.org
To: bugtraq@...urityfocus.com
Subject: Remote Password Disclosure Vulnerability in RXS-3211 IP Camera +
 others

-==Description==-
The RXS-3211 IP camera, among others, is vulnerable to remote password disclosure, which can be exploited by an unauthenticated attacker with a single UDP packet. The problem exists in the camera management protocol used by the devices, which sends the administrator password and other configuration settings in cleartext following an unauthenticated request.

The following UDP payload, sent to port 13364 on a vulnerable device, can exploit the issue:

\xff\xff\xff\xff\xff\xff\x00\x06\xff\xf9

It is also possible to set configuration settings on the remote device with a single unauthenticated request.

-==Mitigation==-
Block external access to UDP port 13364. 

-==Disclosure==-
Contacted Rosewill, but received no response.

-==PoCs==-
http://spareclockcycles.org/downloads/code/rxs_3211_retrievepw.rb
http://spareclockcycles.org/downloads/code/rxs-3211-retrievepw.py
http://spareclockcycles.org/downloads/code/rxs-3211-changepw.py

-==Reference==-
http://spareclockcycles.org/2011/05/23/exploiting-an-ip-camera-control-protocol/

-==Affected Devices==-
http://spareclockcycles.org/downloads/ipcam_pass_disclosure_devices.txt

Powered by blists - more mailing lists