Message-ID: <CAPifcow6dti8bJsz7FWLdNQTZcjN_RddQ1tc_k+DXEJY7rZ5kw@mail.gmail.com>
Date: Thu, 6 Apr 2017 14:01:03 -0700
From: Ian Ling <iancling@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================
DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface. Vendor confirmed that this
vulnerability is fixed in the latest software version. It is unknown which
version specifically contained the fix.

Affected versions:
-1.01.03
-Possibly others

Impact:
The remote attacker can view plaintext admin credentials, as well as make
configuration changes to the device.

Disclosure Timeline:
===================================
Vendor Notification: March 29, 2017
Vendor Response: March 30, 2017
Public Disclosure: April 6, 2017

Exploitation Technique:
=======================
Remote

Severity Level:
================
Critical

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/