[Full-Disclosure] SMC Router safe Login in plaintext

From: Florian Rock (florianrockat_private)
Date: Wed Sep 03 2003 - 05:14:37 PDT

Next message: noconflic: "[Full-Disclosure] Webcalendar <= 0.9.42 Cross Site Scripting Attacks and Potential SQL Injection Attack"

Previous message: Dr. Peter Bieringer: "Re: [Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail"
Next in thread: Schmehl, Paul L: "RE: [Full-Disclosure] SMC Router safe Login in plaintext"
Reply: Schmehl, Paul L: "RE: [Full-Disclosure] SMC Router safe Login in plaintext"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I found that the SMC Barricade SMC-7404BRB safe the Login for the Provider safe in plaintext!!!

If you go to PPPoE and look a the source code you found the password in plaintext.
Here a pic from the HTML site:

If you look at Source you can find the line:
<input type="password" name="p_passwd" size="25" maxlength="60" value="00000000"></font> 
The password is safe in plaintext!!! 00000000 = password in plaintext

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: noconflic: "[Full-Disclosure] Webcalendar <= 0.9.42 Cross Site Scripting Attacks and Potential SQL Injection Attack"
Previous message: Dr. Peter Bieringer: "Re: [Full-Disclosure] Trend Micro Interscan Viruswall: missing whole_file_scan=yes let pass at least one Sobig.f eMail"
Next in thread: Schmehl, Paul L: "RE: [Full-Disclosure] SMC Router safe Login in plaintext"
Reply: Schmehl, Paul L: "RE: [Full-Disclosure] SMC Router safe Login in plaintext"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 03 2003 - 08:00:55 PDT