Webramp M3 login info

From: the_coyoteat_private
Date: Sat Apr 18 1998 - 16:34:53 PDT

Next message: Raymond Dijkxhoorn: "Re: Nasty security hole in "lprm""

Previous message: Chris Evans: "Re: Nasty security hole in "lprm""
Next in thread: Niek Jongerius: "Re: Webramp M3 login info"
Reply: Niek Jongerius: "Re: Webramp M3 login info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This Seems to be a new problem (if it has been reported
I have never seen it)

The Product :

Webramp M3
from Ramp Networks, Inc

The Problem

  I have encountered one of these routers logged into a Dial-up
account. It has the setup web pages world readable via http thus
giving out all login info (including password) for the dial up
account. It also gives a hang-up option that may allow for DoS
attacks.

  Currently it is unknown if this is just  one misconfigured router or
  a wide spread problem.

It would however be terribly easy to write  A script to harvest this
info.


The Cure :
Unknown

The abuse possibilities of this problem are endless does  anyone
know of a fix or workaround ?

Next message: Raymond Dijkxhoorn: "Re: Nasty security hole in "lprm""
Previous message: Chris Evans: "Re: Nasty security hole in "lprm""
Next in thread: Niek Jongerius: "Re: Webramp M3 login info"
Reply: Niek Jongerius: "Re: Webramp M3 login info"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:38 PDT