Information Security News mailing list archives

Re: Popular Linksys Router Vulnerable to Attack

From: InfoSec News <isn () c4i org>
Date: Tue, 5 Nov 2002 06:06:42 -0600 (CST)

Forwarded from: Eric Lee Green <eric () badtux org>

On Sunday 03 November 2002 11:29 pm, InfoSec News wrote:

http://www.eweek.com/article2/0,3959,663801,00.asp In many cases,
there is no reason for the remote management interface to be enabled
and disabling it serves as an easy defense against this problem.


More correctly, I should say that in ALL cases there is no reason for
the remote management interface on a Linksys router to be enabled.
This interface is a totally unencrypted web application that sends the
system management password over the Internet in plain text. Any script
kiddie with a password sniffer then gets access to your router -- and
to your network.

-- 
Eric Lee Green          GnuPG public key at http://badtux.org/eric/eric.gpg
          mailto:eric () badtux org  Web: http://www.badtux.org



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

Current thread:

Popular Linksys Router Vulnerable to Attack InfoSec News (Nov 03)
- <Possible follow-ups>
- Re: Popular Linksys Router Vulnerable to Attack InfoSec News (Nov 05)