• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WebRamp Default Adminstrative Login Vulnerability

WebRamp systems ship with a default password for the web administration utility. The setup program does not force this password to be changed, and some WebRamp machines on the Internet are still using this default password. It is also possible through misconfiguration to disable authentication for web administration entirely. If an attacker were able to login using the default password, they would get access to various information including the ISP account, password and phone number, as well as the ability to change the routing table and the firmware. On systems with more than one modem attached, it is possible to have one modem call a remote computer, thereby providing outside access to the internal LAN.