At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote: >It involves a bug that allows a password recovery feature to be utilized >from the LAN or WAN instead of just the serial console port. > >Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will >allow you to get access to the box to do whatever you want. It appears as >if the problem started in 3.0.4, but I am not totally certain about that. So the vulnerability is essentially a brute force against telnet/snmp? Assuming you filter those out, is there another way of accessing? >-- > Scott M. Drassinower scottdat_private > Cloud 9 Consulting, Inc. White Plains, NY > +1 914 696-4000 http://www.cloud9.net > >On Thu, 5 Aug 1999, Matt wrote: > > > The following URL contains information about a firmware upgrade for > > FlowPoint DSL routers that fixes a possible "security compromise". > > FlowPoint has chosen not to release ANY information whatsoever about the > > vulnerability. I was curious if anyone had any more information > > about this vulnerability than what FlowPoint is divulging. > > > > http://www.flowpoint.com/support/techbulletin/sec308.htm > > > > thnx > > > > -- > > I'm not nice, I'm vicious--it's the secret of my charm. > > -- PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:55 PDT