Re: CORE-20021005: Vulnerability Report For Linksys

[AARG! Anonymous <remailer () aarg net>]

At 08:10 PM 12/10/02 -0300, CORE Advisories wrote:
> Many Linksys' network appliances have a remote administration and
> configuration interface via HTTP, either from the local network,
> or, if it's enabled, from any host across the internet.

I just want to make sure I've got this right:

It comes with secure defaults.

But if I decide to open it up, it's not secure any more.

Gee, I wonder what other products could be configured into an insecure state and boilerplated into an advisory?

And would iDefense pay me for them?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html