This Seems to be a new problem (if it has been reported I have never seen it) The Product : Webramp M3 from Ramp Networks, Inc The Problem I have encountered one of these routers logged into a Dial-up account. It has the setup web pages world readable via http thus giving out all login info (including password) for the dial up account. It also gives a hang-up option that may allow for DoS attacks. Currently it is unknown if this is just one misconfigured router or a wide spread problem. It would however be terribly easy to write A script to harvest this info. The Cure : Unknown The abuse possibilities of this problem are endless does anyone know of a fix or workaround ?
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:38 PDT