Re: Lousy password handling in BreezeCOM

From: Thilo Hille (hilleat_private)
Date: Thu Dec 10 1998 - 11:21:43 PST


    As far as I know, it's possible to set installer rights via SNMP.
    There is also a kind of DoS in the way of updating the firmware.
    The TFTP server requires no authorization to upload the firmware and reset.
    So someone could easily upload any file.
    After that you have to send the affected device to BreezeCOM to
    get a new firmware, because the TFTP server is part of the firmware....
    
    The only protection is to set up no IP configuration.
    
    
    Thilo Hille
    Equinoxe Internet Galerie
    Adlerstr.7
    79098 Freiburg
    
    Fon   : 0761-382263
    Fax   : 0761-382265
    email : hilleat_private
    ***** www.equinoxe.de *******
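
For monitoring the unauthenticated TFTP firmware upload described in the message above, this added example (not part of the original post, and not BreezeCOM code) parses TFTP requests per RFC 1350 and flags write requests sent to a managed device from a host that is not an approved admin station. The addresses, file names and datagrams are constructed sample values, and the function names are hypothetical.

```python
import struct
from ipaddress import ip_address

# TFTP request opcodes from RFC 1350: 1 = read request, 2 = write request.
REQUEST_OPCODES = {1: "RRQ", 2: "WRQ"}

def parse_tftp_request(payload: bytes):
    """Return (kind, filename, mode) for a well-formed RRQ/WRQ, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in REQUEST_OPCODES:
        return None
    # Body is: filename NUL mode NUL (RFC 2347 options may follow).
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        return None  # truncated or missing a NUL terminator
    filename = fields[0].decode("ascii", "replace")
    mode = fields[1].decode("ascii", "replace").lower()
    return REQUEST_OPCODES[opcode], filename, mode

def flag_firmware_writes(datagrams, devices, admin_hosts):
    """List (src, dst, filename) for WRQs to a device from a non-admin host."""
    alerts = []
    for src, dst, dport, payload in datagrams:
        # Only the initial request is addressed to UDP port 69.
        if dport != 69 or ip_address(dst) not in devices:
            continue
        req = parse_tftp_request(payload)
        if req and req[0] == "WRQ" and ip_address(src) not in admin_hosts:
            alerts.append((src, dst, req[1]))
    return alerts

# Constructed sample data (documentation address ranges, made-up file names).
DEVICES = {ip_address("192.0.2.10")}      # assumed access point address
ADMIN_HOSTS = {ip_address("192.0.2.5")}   # assumed approved admin station
SAMPLE = [
    ("192.0.2.5", "192.0.2.10", 69, b"\x00\x02fw.bin\x00octet\x00"),
    ("198.51.100.7", "192.0.2.10", 69, b"\x00\x02image.bin\x00octet\x00"),
    ("198.51.100.7", "192.0.2.10", 69, b"\x00\x01config\x00netascii\x00"),
    ("198.51.100.7", "192.0.2.99", 69, b"\x00\x02image.bin\x00octet\x00"),
    ("198.51.100.7", "192.0.2.10", 69, b"\x00\x02trunc"),
]

if __name__ == "__main__":
    for src, dst, name in flag_firmware_writes(SAMPLE, DEVICES, ADMIN_HOSTS):
        print(f"ALERT: TFTP write of {name!r} to {dst} from {src}")
```
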
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:54 PDT