When configured to backup configuration settings, the device will store various information in cleartext. Accessing this file could allow an attacker to obtain sensitive information which could aid the attacker in compromising the web administration interface of the device, DSL/cable account passwords, FTP passwords,etc.
It should be noted that the backup option is not enabled by default, but is a common feature used by administrators and attackers of course ;)
It should be noted that the backup option is not enabled by default, but is a common feature used by administrators and attackers of course ;)
[ reply ]