Bugtraq mailing list archives
RE: linksys WRT54g authentication bypass
From: "Ginsu Rabbit" <ginsurabbit () hotmail com>
Date: Mon, 07 Aug 2006 23:49:36 +0000
Miguel Valentin wrote:
On my friends WRT54G router that I installed it always asks me for an ID andpassword whenever I want to do anything even just checking the configuration. You must've been the unlucky one in a million who just happened to buy a "lemon".
You may want to reread the original advisory. My router, just like your friend's, verifies for the user-id and password when I check the configuration. The router does not verify the user-id and password when changing the configuration.
In order to test this, you'll need to hand-craft a web page or other tool to submit the change request to the router.
If you can verify one way or the other the behavior of your friend's router, please publish the router hardware and firmware version you tested. You can read the hardware version off the bottom of your router. The firmware version is visible when you log in to the router's web UI.
-- GR _________________________________________________________________Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Current thread:
- linksys WRT54g authentication bypass Ginsu Rabbit (Aug 07)
- RE: linksys WRT54g authentication bypass Andy Meyers (Aug 07)
- RE: linksys WRT54g authentication bypass Miguel Valentin (Aug 11)
- RE: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
- RE: linksys WRT54g authentication bypass Miguel Valentin (Aug 11)
- Re: linksys WRT54g authentication bypass Nicholas Knight (Aug 11)
- Re: linksys WRT54g authentication bypass Rodrigo Barbosa (Aug 11)
- Re: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
- <Possible follow-ups>
- Re: linksys WRT54g authentication bypass guant a (Aug 11)
- Re: linksys WRT54g authentication bypass Ginsu Rabbit (Aug 11)
- RE: linksys WRT54g authentication bypass TeamXMM Consulting, Inc. (Aug 14)
- Re: RE: linksys WRT54g authentication bypass gooorguss (Aug 14)
- RE: linksys WRT54g authentication bypass Andy Meyers (Aug 07)