Bugtraq mailing list archives

Netopia ISDN Router 650-ST: Viewing of all system logs without login


From: The Proton <proton () DSHS NSW EDU AU>
Date: Thu, 16 Nov 2000 09:16:07 +1100

This advisory was sent to Netopia three weeks ago. I have received no
return contact.

Andrew

----------------


Device Specifics
=================
Name:         Netopia ISDN Router 650-ST
Manufacturer: Netopia
Version:      Firmware 3.3.2
Risk:         Viewing of all system logs without login
Advisory:     2000-03

Problem
=======

The system logs (both device history and WAN history) can be read
from the telnet prompt without logging into the system.

Details
=======

The logs of the router can be viewed from the telnet login screen by
pressing a certain key combination.

To access the WAN event log, type Ctrl-F at the login screen.
To access the device event log, type Ctrl-E at the login screen.

Access to these logs may expose sensitive information, such as
usernames or passwords, to an arbitrary internet user.

Fixes
=====

None available.


Workaround
==========

Do not allow telnet access to your router to untrusted hosts.


Acknowledgements
================

This vulnerability was discovered by Bok <bok () dshs nsw edu au>.
Further investigation by Andrew Wellington (aka proton).


Disclaimer
==========

THIS INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
ANDREW WELLINGTON DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED,
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. IN NO EVENT SHALL ANDREW WELLINGTON BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING, BUT NOT LIMITED TO, DIRECT,
INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR
SPECIAL DAMAGES, EVEN IF ANDREW WELLINGTON HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.


PGP Key
=======

PGP key is available at keyserver.net
Key ID: 0x77168373
Fingerprint:
E8C3 789F 30C3 658E 1D90  56EB 0097 3EE3 7716 8373

_______________________________
The Proton
<proton () dshs nsw edu au>
_______________________________