[VulnWatch] FVS318 Config stores usernames/passwd's in plain text

From: FVS (fabat_private)
Date: Fri Sep 27 2002 - 09:40:38 PDT


    Hi All.. 
    
    Attached is an Advisory concerning Netgear's FVS318 Firewall/VPN/Router, and 
    the fact that it stores Usernames and Passwords in plain text if the config 
    is backed up. 
    
    
    Thanks, 
    
    fabat_private
    http://www.aisec.net
    Information Security Team.
     -=-=-=-=-=-=-=-=-=-=-=-=-=- 
    
    
    AIS advisory # 0006 NETGEAR FVS318 Firewall Router Firmware 1.1 
    Username/Password Disclosure 
    
    ==============Summary================
    
    Netgear's FVS318 Firewall/VPN/Router stores Usernames and Passwords 
    in plain text when a backup of the configuration is made. 
    
    ==========Software Affected==========
    
    Netgear FVS318 firmware 1.1 and every firmware version before it.
    
    
    ===============Vendor================
    
    
    http://www.netgear.com
    
    
    =========Product Description=========
    Taken from their site : http://www.netgear.com
    
    "Want the utmost in network security for your office? NETGEAR's FVS318 
    ProSafe VPN Firewall provides business-class protection at a NAT router 
    price. This completely equipped, broadband-capable Virtual Private 
    Network (VPN) firewall is a true firewall and provides it all – 
    Denial of Service (DoS) protection and Intrusion Detection using Stateful 
    Packet Inspection (SPI), URL access and content filtering, logging, 
    reporting, and real-time alerts. It initiates up to 8 IPSec VPN tunnels 
    simultaneously, reducing your operating costs and maximizing the security 
    of your network. With 8 auto-sensing, Auto Uplink™ switched LAN ports 
    and Network Address Translation (NAT) routing, up to 253 users can access 
    your broadband connection at the same time."
    
    ============Vulnerability============
    
    The web interface includes a backup option to store your current config 
    just in case anything happens....
    
    For the most part, the file isn't readable except for a few words, in 
    particular, your Username to your ISP internet connection, and the password 
    to the web admin interface which listens on port 80 by default. This port 
    can be changed to whatever you like, but probably not many people do that.
    
    I would consider this a local threat because you can only get to the web interface
    from inside the local LAN, unless you enable Remote Management, which listens on port
    8080 by default.
    
    The default username for the web interface can't be changed, it's always "admin"...
    
    Any good admin makes a backup of their working configs ;)
    
    
    ================FIX (if any) ========
    Use PGP to encrypt your files, if Netgear doesn't encrypt them for you.
    
    
    ============Discovered by============
    fabat_private
    http://www.aisec.net
    Information Security Team.
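
An added example, not part of the original advisory: a check an administrator can run on a saved config backup to confirm whether known credentials sit in it unencoded, before the file goes into shared storage. The sample bytes are constructed for illustration and do not reproduce the real FVS318 backup format; the function names are this example's own.

```python
import re

# Constructed sample: mostly non-printable bytes with two credentials embedded.
# This is NOT the real FVS318 backup layout, only a stand-in for testing.
SAMPLE_BACKUP = (
    b"\x00\x13\xfe\x02" + b"\x8a\x91\x00\x07" * 4
    + b"isp-user@example.net\x00"
    + b"\xff\xee\x01\x00" * 3
    + b"admin\x00ExamplePassw0rd!\x00"
    + b"\x10\x80\x00\x9c" * 4
)

def printable_runs(data, min_len=4):
    """Return (offset, text) for each run of printable ASCII, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(pattern, data)]

def find_exposed_secrets(data, secrets):
    """Return {secret: [offsets]} for each secret stored unencoded in data.

    Checks both UTF-8 and UTF-16LE, since firmware may store strings either way.
    """
    hits = {}
    for secret in secrets:
        if not secret:
            continue  # an empty needle would match at every offset
        offsets = set()
        for encoding in ("utf-8", "utf-16-le"):
            needle = secret.encode(encoding)
            pos = data.find(needle)
            while pos != -1:
                offsets.add(pos)
                pos = data.find(needle, pos + 1)
        if offsets:
            hits[secret] = sorted(offsets)
    return hits

if __name__ == "__main__":
    # Replace SAMPLE_BACKUP with open(path, "rb").read() for a real backup file.
    for offset, text in printable_runs(SAMPLE_BACKUP):
        print(f"0x{offset:04x}  {text}")
    known = ["ExamplePassw0rd!", "isp-user@example.net"]
    for secret, where in find_exposed_secrets(SAMPLE_BACKUP, known).items():
        print(f"EXPOSED: {len(secret)}-char secret at offsets {where}")
```

Running the same check on the PGP-encrypted copy of the backup should report no hits; if it still does, the plaintext file was stored instead of the encrypted one.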
    


