Plain text DDNS password in NetGear FM114P backups

From: Marc Ruef (marc.ruefat_private)
Date: Thu Oct 10 2002 - 10:47:17 PDT

Next message: Sym Security: "Re: Multiple Vendor PC firewall remote denial of services Vulnerability"

Previous message: bugtraq-return-6791at_private: "R7-0004: Multiple Vendor Long ZIP Entry Filename Processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

I was checking the vulnerability "NETGEAR FVS318 Firewall Router
Username/Password Disclosure"[1] on my NetGear FM114P. My little box
doesn't store the web login username and password in plain text.

But the DDNS (DynDNS) account data is stored in plaintext; this problem
seems to be existent up to Firmware 1.3 Release 05. Also some
interesting informations like MAC address filtering table are stored in
plain text.

It could be that NetGear will encrypt the whole backup settings in an
upcoming firmware to serve additional backup security.

Bye, Marc

[1] http://www.securiteam.com/securitynews/5TP0Y008AQ.html

-- 
Computer, Technik und Security
http://www.computec.ch

Next message: Sym Security: "Re: Multiple Vendor PC firewall remote denial of services Vulnerability"
Previous message: bugtraq-return-6791at_private: "R7-0004: Multiple Vendor Long ZIP Entry Filename Processing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 13:45:45 PDT