lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 05 Mar 2014 17:02:44 -0500
From: "Brian M. Waters" <brian@...anmwaters.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Cisco Security Advisory: Cisco Small Business
 Router Password Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Great, just two days after I purchased on on the premise that this would
be less likely to happen to a "small business" router than a consumer one!

Thanks for being forthcoming,

BW

On 03/05/2014 11:28, Cisco Systems Product Security Incident Response
Team wrote:
> Cisco Security Advisory: Cisco Small Business Router Password
> Disclosure Vulnerability
> 
> Advisory ID: cisco-sa-20140305-rpd
> 
> Revision 1.0
> 
> For Public Release 2014 March 5 16:00  UTC (GMT)
> 
> +---------------------------------------------------------------------
>
>  Summary =======
> 
> 
> A vulnerability in the web management interface of the Cisco RV110W
> Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router,
> and the Cisco CVR100W Wireless-N VPN Router could allow an
> unauthenticated, remote attacker to gain administrative-level
> access to the web management interface of the affected device.
> 
> The vulnerability is due to improper handling of authentication
> requests by the web framework. An attacker could exploit this
> vulnerability by intercepting, modifying and resubmitting an
> authentication request. Successful exploitation of this
> vulnerability could give an attacker administrative-level access to
> the web-based administration interface on the affected device.
> 
> Cisco has released free software updates that address this
> vulnerability. There are currently no known workarounds that
> mitigate this vulnerability. This advisory is available at the
> following link: 
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd
>
> 
> 
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
> 

- -- 
Brian M. Waters
+1 (908) 380-8214
brian@...anmwaters.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iQEcBAEBCgAGBQJTF579AAoJEEYNFaEjEsGoJu4H/30s9m46Yj8k2i5ZsOUaXiBv
c/Z/tHpKD2uNf7kNs1c8KpD5Gvr7R5jvwZzdi6CVzG08qKoWMYPJii5EYlLOVH2R
cK+JQO0sDn7GWbc/5Il7SmarKfkQdYLJxOw2uNxgYiRpImGXiColo7sHP2FkMbxt
BJyNT26n1sAyHJ2XyJsxPo5+xjHPrg8O1tdBsVio/FYp0SestNoW/2oYTNzQb5jl
TzJr5rS90XNxudVXnptl07djCuhDgkT/JZLST9cUCMpVbwOpHqVhzFZhYan/JfeL
Gu43RUS9T1R5p0WPhS1k9L7QkjoWRoqA00sGqwbzq0iHl/XIutDUztP4FSLkFzM=
=my8Z
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists