lists.openwall.net - Open Source and information security mailing list archives
 
Date: Tue, 3 Apr 2018 14:41:39 -0400
From: Kevin R <krandall2013@...il.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] CVE-2018-5708

Discoverer: Kevin Randall

On Wed, Mar 28, 2018 at 2:13 PM, Kevin R <krandall2013@...il.com> wrote:

> Hello Seclists:
>
> Attached is my writeup for the following CVE: CVE-2018-5708
> > An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on
> > the same local network as, but being unauthenticated to, the
> > administrator's panel, a user can obtain the admin username and
> > cleartext password in the response (specifically, the configuration
> > file restore_default), which is displayed in XML.
> >
> > ------------------------------------------
> >
> > [Additional Information]
> > I have been in contact with William Brown, CISO of D-Link. He and his
> > team have confirmed the vulnerability and are working on a patch to
> > address the issue. A proof of concept exists, along with the email
> > communication with William Brown, if necessary. William Brown has
> > confirmed this is a new vulnerability/finding as well.
> >
> > ------------------------------------------
> >
> > [VulnerabilityType Other]
> > Unauthenticated Admin username and password in cleartext response via XML
> >
> > ------------------------------------------
> >
> > [Vendor of Product]
> > D-Link
> >
> > ------------------------------------------
> >
> > [Affected Product Code Base]
> > D-Link DIR-601 - 2.02NA Hardware Version B1
> >
> > ------------------------------------------
> >
> > [Affected Component]
> > The affected component is the configuration file restore_default, which
> > leaks the admin username and password along with other device
> > configuration information.
> >
> > ------------------------------------------
> >
> > [Attack Type]
> > Local
> >
> > ------------------------------------------
> >
> > [Impact Information Disclosure]
> > true
> >
> > ------------------------------------------
> >
> > [Attack Vectors]
> > To exploit the vulnerability, a user must be on the local network but
> > unauthenticated to the admin page.
> >
> > ------------------------------------------
> >
> > [Reference]
> > https://www.dlink.com
> >
> > ------------------------------------------
> >
> > [Has vendor confirmed or acknowledged the vulnerability?]
> > true
> >
> > ------------------------------------------
> >
> > [Discoverer]
> > Kevin Randal
>

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
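The check below is an added example and is not part of Kevin Randall's post, his proof of concept, or D-Link's firmware. It shows the kind of test a practitioner would run for the class of bug described above: request a device's configuration file with no credentials, and if the device answers 200 with XML, walk the document and report elements whose tag names suggest a credential and whose values look like cleartext rather than a hash. The XML element names and the sample document are constructed for illustration; the advisory gives neither the DIR-601's actual XML layout nor the URL of the restore_default file, so the URL is a caller-supplied parameter with no assumed default.

```python
"""Check an HTTP response body for cleartext credential fields in XML.

Added example for the advisory above (CVE-2018-5708); not D-Link's code
and not the reporter's proof of concept. Element names and the sample
document are constructed; the advisory does not give the real XML layout
or the URL of the restore_default file.
"""
import re
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample of what a vulnerable device might return to an
# unauthenticated client. Not the DIR-601's real format.
SAMPLE_CONFIG_XML = b"""<?xml version="1.0"?>
<config>
  <device>
    <model>DIR-601</model>
    <fw_version>2.02NA</fw_version>
  </device>
  <admin>
    <username>admin</username>
    <password>hunter2</password>
  </admin>
  <wireless>
    <ssid>home-net</ssid>
    <wpa_psk>correct horse battery staple</wpa_psk>
  </wireless>
  <pppoe>
    <user>isp-account</user>
    <password>$1$saltsalt$hashhashhashhash</password>
  </pppoe>
</config>
"""

# Tag names (case-insensitive) that commonly carry secrets in router configs.
SECRET_TAG_RE = re.compile(r"(passw(or)?d|pass$|pwd|psk|secret|key$)", re.I)
# Tag names that carry account names; reported as context, not as secrets.
USERNAME_TAG_RE = re.compile(r"(user(name)?$|login$|admin_?name)", re.I)
# Values that look hashed (crypt(3)-style "$id$" prefix or a long hex digest).
HASHED_VALUE_RE = re.compile(r"^(\$[0-9a-z]+\$|[0-9a-fA-F]{32,}$)")


def _walk(elem, prefix):
    """Yield (path, element) for elem and all descendants, depth first."""
    path = f"{prefix}/{elem.tag}"
    yield path, elem
    for child in elem:
        yield from _walk(child, path)


def find_credential_fields(xml_bytes):
    """Return [(kind, path, value)] with kind in {'secret', 'hashed', 'username'}.

    Raises xml.etree.ElementTree.ParseError if the body is not well-formed XML.
    """
    root = ET.fromstring(xml_bytes)
    findings = []
    for path, elem in _walk(root, ""):
        text = (elem.text or "").strip()
        if not text:
            continue
        if SECRET_TAG_RE.search(elem.tag):
            kind = "hashed" if HASHED_VALUE_RE.match(text) else "secret"
            findings.append((kind, path, text))
        elif USERNAME_TAG_RE.search(elem.tag):
            findings.append(("username", path, text))
    return findings


def assess_response(status, body):
    """Classify an unauthenticated response to the configuration-file URL.

    'auth-required'  401/403: the device challenged for credentials (expected)
    'not-xml'        200 but the body does not parse as XML
    'leak'           200, XML, and at least one cleartext secret field
    'no-secrets'     200, XML, but no cleartext secret fields
    """
    if status in (401, 403):
        return "auth-required"
    if status != 200:
        return f"unexpected-status-{status}"
    try:
        findings = find_credential_fields(body)
    except ET.ParseError:
        return "not-xml"
    return "leak" if any(k == "secret" for k, _, _ in findings) else "no-secrets"


def fetch_unauthenticated(url, timeout=5):
    """GET url with no credentials or cookies; return (status, body).

    The caller supplies the full URL: the advisory does not state the path of
    the restore_default file, so none is assumed here.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "config-leak-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        status, body = fetch_unauthenticated(sys.argv[1])
    else:
        status, body = 200, SAMPLE_CONFIG_XML  # offline demo on the constructed sample
    verdict = assess_response(status, body)
    print(verdict)
    if verdict in ("leak", "no-secrets"):
        for kind, path, value in find_credential_fields(body):
            print(f"  [{kind}] {path} = {value!r}")
```

Run with no arguments to see the verdict on the constructed sample; pass a URL to test a device on your own network. A hardened device should yield "auth-required" for the unauthenticated request, and even an authenticated backup should not hand back "secret" entries if the firmware stores credentials hashed.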
