Bugtraq mailing list archives

Lousy password handling in BreezeCOM

From: steelfire () PLUTTEN HL LU SE (Mr. SteelFire)
Date: Thu, 10 Dec 1998 15:16:37 +0100


BreezeCOM adapters are used in wireless LAN environments and like any
communication device (switches, routers etc.) you need a password to
access the adapter.
BreezeCOM has choosed to use a burned-in factory standard password for
their adapters which really is a stupid way to handle this. They have
different passwords for different version which you cannot change and the
passwords are the following:
4.x     Super
3.x     Master
2.x     laflaf
As far as I'm concerned the passwords above works with SA (Station
Adapter) 10, SA 40 and AP (Access Point) 10.
One thing that should be pointed out is that it's not possible to access
the adapters remote (not telnet etc.) so the security problem is local.

/Steelfire
(Not the game, the real me.)

Current thread:

[SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Security Research Team (Dec 03)
- Breaking into houses to steal the security systems... Was: Dr. Mudge (Dec 03)
- <Possible follow-ups>
- Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 robert.flannigan () PLATINUM COM (Dec 07)
  - Call For Papers Marco de Vivo [UCV] (Dec 07)
  - Lousy password handling in BreezeCOM Mr. SteelFire (Dec 10)
    - Re: Lousy password handling in BreezeCOM Thilo Hille (Dec 10)
    - NSA paper on computer security Kragen (Dec 11)
    - about the ip header id Salvatore Sanfilippo (Dec 14)
    - Learning security Kevin M. Myer (Dec 14)
  - Administrivia Aleph One (Dec 10)
    - RealSystem passwords Guy Cohen (Dec 10)
    - Titan 3.0 Released Aleph One (Dec 10)
    - Vulnerability in IRIX fcagent daemon SGI Security Coordinator (Dec 10)
    - Linux 2.0.36: The stuff that was 'fixed quietly' [Summary] Alan Cox (Dec 10)
    - Microsoft Security Bulletin (MS98-018) Aleph One (Dec 10)