| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Dec 2011 15:55:37 -0500 From: Jeffrey Walton <noloader@...il.com> To: Hacxx Under <hacxx20@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Sunny WebBox Default Password On Fri, Dec 23, 2011 at 11:02 AM, Hacxx Under <hacxx20@...il.com> wrote: > Sunny Web Box is a device that has a web interface and it's used as a > reader for solar energy microproducers. > > The default password is "SMA" > > The devices can be founfd using intitle: "Sunny WebBox" > ------- > Hacked Boxes > > http://mariorodrigues.dynip.sapo.pt > http://gisolar.cannondesign.com > http://pvpichler.dyndns.org:509 > http://217.113.37.189:80 > http://zodiac.hostein.org:8081 > http://79.1742.145.114 > http://67.78.27.35 > http://217.133.100.238:8082 > http://news.hartwellps.vic.edu.au > http://energiasolar.ues.edu.sv > http://solar.amy.gr > http://xserver.clio.it They also use MD5 in a JSON request over HTTP. Not surprisingly: $ echo SMA | md5sum 8872966064a33f7520d11c0fffe7e517 [Google for 8872966064a33f7520d11c0fffe7e517] http://hash.phelix.lv/md5/371bd54577d68567ed50af283052e0d1/SMA.htm It looks like this has been known for some time. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists