BugTraq
hacking the mitsubishi GB-50A Mar 22 2008 01:50AM
Chris Withers (chris simplistix co uk) (1 replies)
RE: hacking the mitsubishi GB-50A Mar 24 2008 03:06PM
Desai, Ashish (Ashish Desai fmr com) (2 replies)
Re: hacking the mitsubishi GB-50A Mar 25 2008 01:48PM
Chris Withers (chris simplistix co uk)
Desai, Ashish wrote:
> If you read your own post you would realize that Mitsubishi
> kept the device ipaddress prefix as 192.168.1 so only you can attack
> yourself.

Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that this
device should only be used on a private network and had no access
controls, I don't think I'd have a problem.

However, they show a username/password box (which I'm betting is fairly
easilly circumvented if you know the right urls and can forge a cookie
on the client...) so I think it's fair game to expect them to implement
some kind of real security.

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk

[ reply ]
RE: hacking the mitsubishi GB-50A Mar 24 2008 05:09PM
James C. Slora Jr. (james slora phra com) (2 replies)
Re: hacking the mitsubishi GB-50A Mar 25 2008 08:02AM
Vincent Archer (archer tms frmug org)
Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A Mar 24 2008 06:54PM
Joe (joe avvanta com)


 

Privacy Statement
Copyright 2010, SecurityFocus