Bugtraq mailing list archives
Re: Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
From: Tom Neaves <tom () tomneaves co uk>
Date: Tue, 15 Sep 2009 22:49:21 +0100
Hi Yossi, Are you doing something funky with your IP address, e.g., NAT'ed/short DHCP lease? The reason I ask is because in 2008, Adrian Pastor stated authentication in the 3Com Wireless 8760 was linked to the source IP address [1]. It may well be the case (as you have discovered) that it allows arbitrary IP addresses to access the config once an administrator has authentication... However, I just wanted to hit this badboy up incase there was some confusion. Cheers, Tom [1] http://securityreason.com/wlb_show/WLB-2008110039 On Tue, 15 Sep 2009 22:27:31 +0300, Yossi Yakubov <yos20053 () gmail com> wrote:
Hi My name is Yossi Yakubov and i am a security researcher. Recently me and my collegues found the following vulnerability in the 3Com Wireless8760 web administration interface: If one user is authenticated to the web interface, other users can access to internal pages without further authentication. That means that one opened Session is enough between the user and web administration , and other users can also access to the web administration interface. Malicious user can wait until ones logins to the interface and then he can access and administer 3Com Wireless8760 Access Point without further authentication. Among different operations the malicious user can cause to Denial of Service (Dos) attack to the entire network by changing the configuration such as IP addresses. FYI Waiting for your review Best Regards Yossi Yakubov
Current thread:
- Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point Yossi Yakubov (Sep 15)
- Re: Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point Tom Neaves (Sep 16)