lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201607011100.u61B0pX3018082@sf01web2.securityfocus.com>
Date: Fri, 1 Jul 2016 11:00:51 GMT
From: Info@...ermoon.cc
To: bugtraq@...urityfocus.com
Subject: Logic security flaw in TP-LINK - tplinklogin.net

TP-LINK forgot to buy the domain www.tplinklogin.net  which is beings used to configure many of the hardwares they have, like routers configuration.

The domain is available to buy via escort service, so potential attacker can get it, it's all about money.

There is unknown holder who have the domain right now, and has been confirmed to be out of the company.

As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now.

I've contacted the Chinese CERT, the US-CERT the Israeli CERT and the company.

The logic behind using domain in the first time, instead of IP address is the main problem here, forgetting to buy the domain is the second mistake.

While checking how many users are trying to use it, I've realized that's this is effecting plenty of people.

My advice is to block the domain by the ISP.

It seems that's some people understood that's the service is not good, and complained about it online, however I didn't saw a publication concern the security effect of the issue 

I hope this mistake won't happened again

Amitay Dan
CEO at Cybermoon 

for more info please follow
www.cybermoon.cc
www.amitaydan.com

@popshark1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ