lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 4 Dec 2012 19:37:37 -0700
From: Darius Freamon <darius.freamon@...il.com>
To: submit@...sec.com, vuln@...unia.com, moderators@...db.org, 
	vuln@...urityfocus.com, bugtraq@...urityfocus.com, 
	full-disclosure@...ts.grok.org.uk
Subject: Buffalo LinkStation LS-WTGL Default Admin Account
	& Guest Access Information

After reading l0rd lunatic's post about the Buffalo router
(http://seclists.org/fulldisclosure/2012/Nov/234), noticed that going
to login page and clicking 'help' will show you the default admin
account. I think that is what he meant about information disclosure!
It also lets you login as guest and provides more information.

Clicking help:

http://ROUTER/help/en/auth.html?gDummy=1354674691647&_=

HTTP/1.1 200 OK
Date: Wed, 05 Dec 2012 02:45:08 GMT
Server: Apache/1.3.34 (Unix)
Last-Modified: Fri, 11 Jul 2008 12:13:45 GMT
ETag: "140d1e9-14b-48774e79"
Accept-Ranges: bytes
Content-Length: 331
Content-Type: text/html; charset=UTF-8

<div id="divHelpItem" class="doc" >
<div id="divDocumentTitle">Login</div>
<div id="divDocumentText" class="doc_text">
Until you change it, the default username is "admin" and the default
password is "password".<br />
To login as Guest, please enter "guest" as user name and no password
and then press enter.
</div>
</div>

When you login as guest, it gives up this information:

http://ROUTER/cgi-bin/top.cgi

LinkStation Name         CB-NAS-001
Model Name                 LS-WTGL/R1-V3 F/W 3.09
IP Address                    127.0.0.1
Current Date and Time 2012/12/4 19:38:38
HDD Space Used         RAID Array 1 322.32 GB / 500.76 GB (64.36 %)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists