lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 4 Dec 2012 19:37:37 -0700
From: Darius Freamon <>
Subject: Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information

After reading l0rd lunatic's post about the Buffalo router
(, noticed that going
to login page and clicking 'help' will show you the default admin
account. I think that is what he meant about information disclosure!
It also lets you login as guest and provides more information.

Clicking help:


HTTP/1.1 200 OK
Date: Wed, 05 Dec 2012 02:45:08 GMT
Server: Apache/1.3.34 (Unix)
Last-Modified: Fri, 11 Jul 2008 12:13:45 GMT
ETag: "140d1e9-14b-48774e79"
Accept-Ranges: bytes
Content-Length: 331
Content-Type: text/html; charset=UTF-8

<div id="divHelpItem" class="doc" >
<div id="divDocumentTitle">Login</div>
<div id="divDocumentText" class="doc_text">
Until you change it, the default username is "admin" and the default
password is "password".<br />
To login as Guest, please enter "guest" as user name and no password
and then press enter.

When you login as guest, it gives up this information:


LinkStation Name         CB-NAS-001
Model Name                 LS-WTGL/R1-V3 F/W 3.09
IP Address          
Current Date and Time 2012/12/4 19:38:38
HDD Space Used         RAID Array 1 322.32 GB / 500.76 GB (64.36 %)

Powered by blists - more mailing lists