The bug in the access point only reveals the password if you call for it by doing a snmp walk which uses a next request to get the oid instead of calling it explicitly. I tried: #snmpget 192.168.0.10 public enterprises.937.2.1.2.2.0 enterprises.937.2.1.2.2.0 = "" #snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2.0 enterprises.937.2.1.2.2.0 = "" Both explicit calls to the oid fail but if I use next to call that oid I get #snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2 enterprises.937.2.1.2.2.0 = "mypw" Here is my access point info: system.sysDescr.0 = D-Link - WLAN Access Point, Version: 3.2.28 #483 (Aug 23 2001). ----- Original Message ----- From: "Jim" <raxorat_private> To: <bugtraqat_private> Sent: Wednesday, January 23, 2002 11:15 AM Subject: Re: D-Link DWL-1000AP can be compromised because of SNMP configuration > > In-Reply-To: <20011221192655.6657.qmailat_private> > > OID 1.3.6.1.4.1.937.2.1.2.2.0 doesn't seem to exist > on my DWL-1000AP. > > Is this a typo ? Or has this value changed with a > recent firmware update ?
This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 13:26:26 PST