Lightwave ConsoleServer 3200 Information Disclosure Vulnerability

The ConsoleServer 3200 is a console switch from Lightwave.

The unit's remote administration interface supplies sensitive information to connected users who have not yet successfully logged into an administrative account.

The "pre-login" banner reveals a range of important data to non-authenticated users, including the userids of other connected users, as well as information about the device's hardware configuration and status.

Properly exploited (for example, by obtaining usernames which are then used in brute-force password analysis), this information could be used to carry out attacks and potentially compromise the device.


Privacy Statement
Copyright 2010, SecurityFocus