Bugtraq mailing list archives

Re: Accesspoints disclose wep keys, password and mac filter (fwd)


From: tenty () overkillnetworks com
Date: Sat, 9 Nov 2002 06:40:49 +0800

Quoting informatik.koerfer () web de:

In-Reply-To: <20021106185730.15557.qmail () mail securityfocus com>
       Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
               D-Link DWL-900AP+ B1 version 2.1 and 2.2
<snip>
The D-Link DWL-900AP+ B1 2.1 isn't affected.

I'm sorry, this device IS vulnerable, I believe ALL others are as well.
The source code posted is only a proof of concept, slight modifications
will deliver the correct result.

<snip>

Just a little FYI:
I upgraded to the latest firmware located on the support.dlink.com site. It 
seems as though this is vulnerable as well and returns:

Type          : GL2422AP-00-0M0 T1.0 -042.3
Announced Name: DWL-900AP+
Admin Username: admin
Admin Password: admin
SSID          : default
Wep Key       : 00 00 00 00 00 00 00 00 00 00 00 00 00

(The Wep Key, Admin password, and SSID have been changed to protect the 
innocent)

Again, this is the latest firmware located on the dlink support site:
Firmware Version 2.3, Tue, 29 Sep 2002
Which was apparently released on the 4th November 2002, as per the information 
on their site. The site clearly explains though that it is only an upgrade to 
secure TFTP and nothing else though.

The information was extracted using the "Altered Test Prog" (and a bit of 
tweaking) that /håkan supplied in previous posts. Correct me if I'm wrong, and 
being quite new to the security scene, I imagine I would be, but wouldn't the 
most logical step for firewalling be to update a ruleset that doesn't allow 
network-wide broadcasts, if it can be helped that is?

If anyone needs me to run some more tests, just let me know what to run.

Cheers
-TenTaCLE
