BugTraq
SMC7004VB sensitive information leak Aug 31 2003 09:00PM
Alexander Müller (alexander mueller electronic-security de)
:: Advisory

Vulnerable: SMC7004VB sensitive information leak

Found: July 25th 2003

Vendor: SMC

Vendor notified: August 15th 2003

Vendor response: Answered but is on vacation.

Public release: August 31st 2003

Vulnerability:

An incorrect configuration in the SMC7004VB router allows you to steal usernames and passes.

You can also use the IP without spoofing.

Some days ago, I scanned the IP of a team member and LANguard detected an installed proxy.

I tried to visit the homepage of this proxy...

But there was none. I used the proxy and opened the page again.

I saw a login script and tried some passes (username isn't required).

I tested some passes but the proxy didn't block.

Therefore I started a brute-force attack, and after this I noticed the proxy did not block after thousands of passes.

I aborted this test.

That was the proof that you can get the pass with a stupid working attack.

Alexander Müller

Electronic Security

www.EC-Security.com

Thanks to: mo (Kryptocrew.de), Fabian Becker (Electronic Security)
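
The missing control reported above is a limit on failed logins. The following is an added example, not part of the original advisory and not SMC firmware code: a failure limiter for a password-only login, keyed on client address with a global cap because there is no username to key on. The names `LoginThrottle` and `simulate`, the thresholds and the sample addresses are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque

# Constructed input: one client guessing once per second for 1000 seconds.
SAMPLE = [(float(t), "192.0.2.10", f"guess{t}") for t in range(1000)]

class LoginThrottle:
    """Failure limiter for a password-only login (no username to key on)."""
    def __init__(self, max_failures=5, window=60.0, lockout=300.0, global_max=50):
        self.max_failures, self.window = max_failures, window
        self.lockout, self.global_max = lockout, global_max
        self._failures = defaultdict(deque)  # client address -> failure times
        self._locked_until = {}              # client address -> unlock time
        self._global = deque()               # failure times across all clients

    def _prune(self, q, now):
        while q and q[0] <= now - self.window:
            q.popleft()

    def allowed(self, addr, now):
        if now < self._locked_until.get(addr, 0.0):
            return False
        self._prune(self._global, now)
        # The global cap covers guessing spread across many source addresses.
        return len(self._global) < self.global_max

    def record_failure(self, addr, now):
        q = self._failures[addr]
        q.append(now)
        self._global.append(now)
        self._prune(q, now)
        if len(q) >= self.max_failures:
            self._locked_until[addr] = now + self.lockout
            q.clear()

    def record_success(self, addr):
        self._failures.pop(addr, None)

def simulate(attempts, throttle, password):
    """Return how many guesses reached the password comparison."""
    checked = 0
    for now, addr, guess in attempts:
        if not throttle.allowed(addr, now):
            continue  # rejected before the password is looked at
        checked += 1
        if hmac.compare_digest(guess.encode(), password.encode()):
            throttle.record_success(addr)
        else:
            throttle.record_failure(addr, now)
    return checked
```

With these assumed thresholds, only 20 of the 1000 constructed guesses are evaluated. The global cap also rejects a legitimate administrator while it is tripped, so it trades availability for guessing resistance.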
