It involves a bug that allows a password recovery feature to be utilized from the LAN or WAN instead of just the serial console port. Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will allow you to get access to the box to do whatever you want. It appears as if the problem started in 3.0.4, but I am not totally certain about that. -- Scott M. Drassinower scottdat_private Cloud 9 Consulting, Inc. White Plains, NY +1 914 696-4000 http://www.cloud9.net On Thu, 5 Aug 1999, Matt wrote: > The following URL contains information about a firmware upgrade for > FlowPoint DSL routers that fixes a possible "security compromise". > FlowPoint has chosen not to release ANY information whatsoever about the > vulnerability. I was curious if anyone had any more information > about this vulnerability than what FlowPoint is divulging. > > http://www.flowpoint.com/support/techbulletin/sec308.htm > > thnx > > -- > I'm not nice, I'm vicious--it's the secret of my charm. >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:46 PDT