| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABw6+zmOCcf3U53KpT7xJp0-EeoWEwbSL25W3nUrO+zweEggfw@mail.gmail.com> Date: Thu, 3 May 2018 14:45:51 -0400 From: Joe Gray <jgray@...ancedpersistentsecurity.org> To: fulldisclosure@...lists.org Subject: [FD] Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware version A1, Firmware Version 1.02NA (CVE-2018-10641) [Suggested description] D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. ------------------------------------------ [Additional Information] Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware version A1, Firmware Version 1.02NA When logging into the router, the authentication module passes the username and password BASE64 encoded vice encrypted. When changing the password a) no current password is required; and b) it passes the new password and username in plain text. There is also no support for HTTPS connections to the router. Due to no schedule viability D-Link asks that two items are mentioned in disclosure: a) For this out of service router, users are encouraged too used DD-WRT firmware here <http://www.dd-wrt.com/site/support/router-database> b) They can contact support@...nk.com for the latest information on updates. ------------------------------------------ [VulnerabilityType Other] Weak Authentication and No HTTPS support ------------------------------------------ [Vendor of Product] D-Link ------------------------------------------ [Affected Product Code Base] DIR 601 - Hardware A1, Firmware 1.02NA ------------------------------------------ [Affected Component] Login, Password Changing ------------------------------------------ [Attack Type] Context-dependent ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] To exploit this, an attacker must have a proxy or man-in-the-middle attack completed and be able to discern the URLs to intercept passed parameters. ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Remediation] Due to no schedule viability D-Link asks that two items are mentioned in disclosure: a) For this out of service router, users are encouraged too used DD-WRT firmware here b) They can contact support@...nk.com for the latest information on updates. ------------------------------------------ [References] http://us.dlink.com/security-advisories/ <http://us.dlink.com/security-advisories/> https://advancedpersistentsecurity.net/cve-2018-10641/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10641 Joe Gray _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists