Asus have been notified but haven't even acknowledged it, let alone mentioned a fix.

If the inbuilt webserver is activated, anyone on the local network can get the full user/pass list from the router without any identification whatsoever by going to the IP address of the router and appending /userdata

Example: say the IP address is 192.168.0.1, go to:

http://192.168.0.1/userdata

This will output the contents of the userdata file, which contains completely unencrypted usernames and passwords. There are plenty of other files that can be accessed with this trick; I haven't looked at the content of them, so I don't know what else you can do.

This security flaw arises because the webserver on the router is mapped to index.html, which provides a link to /secure/Home.htm. You are not prompted for a password until you attempt to access files under /secure.

Telnet to the router, enter the user mode console and then type "flashfs". Type ls to see all configuration files accessible through this flaw.
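The access-control gap described above, modelled as an added example (not code from the original post or from the router firmware): a policy that asks for a password only under /secure is compared with a default-deny policy. The function names, the `PUBLIC` set and the file list are assumptions; only `userdata`, `index.html` and `secure/Home.htm` are named in the post.

```python
import posixpath

# Constructed sample of the router's flash filesystem (see the "flashfs" / "ls" step).
FLASHFS = ["index.html", "userdata", "secure/Home.htm"]

# Assumption: the landing page is the only thing that must be readable anonymously.
PUBLIC = {"/", "/index.html"}


def normalize(path):
    """Drop the query string and collapse '.', '..' and repeated slashes."""
    bare = path.split("?", 1)[0].lstrip("/")
    return posixpath.normpath("/" + bare)


def flawed_needs_auth(path):
    """Behaviour the post describes: a password is requested only under /secure."""
    return path.startswith("/secure/")


def hardened_needs_auth(path):
    """Default deny: every path needs a login unless it is explicitly public.

    Normalizing first is general hardening so the decision is made on the
    file that will actually be served, not on the raw request string.
    """
    return normalize(path) not in PUBLIC


def exposed(policy):
    """Flash files an unauthenticated LAN client could read under a policy."""
    return sorted(name for name in FLASHFS if not policy("/" + name))


if __name__ == "__main__":
    print("prefix-only policy exposes:", exposed(flawed_needs_auth))
    print("default-deny policy exposes:", exposed(hardened_needs_auth))
```

Under the default-deny policy, adding a new configuration file to flash cannot silently widen what anonymous clients can read.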
This archive was generated by hypermail 2b30 : Mon Jul 14 2003 - 13:57:04 PDT