Bugtraq mailing list archives

aDSL routers

From: dbrumley () GOJU STANFORD EDU (David Brumley)
Date: Tue, 13 Apr 1999 23:01:50 -0700


Welp, aDSL is here.  And at least one manufacturer, flowpoint, sets no
admin password.  It's in the documentation, so I assume the
company already knows about this vulnerability:) System managers
who have aDSL access often overlook this, so I thought I'd point it out.
A quick fix: disable telnet access to all of your aDSL router IP's.
Better fix: set an admin password.

Version tested:
FlowPoint/2000 ADSL Router
FlowPoint-2000 BOOT/POST V4.0.2 (18-Mar-98 12:00)
Software version v1.4.5 built Tue Aug 11 23:20:20 PDT 1998

Cheers,
-db

Current thread:

Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight, (continued)
- - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Mark Crispin (Apr 09)
    - Re: ipop3d (x2) / pine (x2) / ... GvS (Apr 11)
    - Re: ipop3d (x2) / pine (x2) / ... Thomas Roessler (Apr 12)
    - [support_feedback () us-support external hp com: Security Bulletins Patrick Oonk (Apr 13)
- Patrol security bugs fcosta (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight M.C.Mar (Apr 09)
  - New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)
    - Novell Pandora Hack Jeremy M. Guthrie (Apr 12)
    - Re: Novell Pandora Hack Simple Nomad (Apr 13)
    - Re: Novell Pandora Hack Iain P.C. Moffat (Apr 13)
    - aDSL routers David Brumley (Apr 13)
    - Re: aDSL routers Derek Vadala (Apr 14)
    - aDSL routers Brad Zimmerman (Apr 14)
    - Re: aDSL routers Truman Boyes (Apr 14)
  - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Mark Crispin (Apr 09)
- Pine 4.xx exploit Maurycy Prodeus (Apr 09)
- Re: ipop3d (x2) / pine (x2) / ... GvS (Apr 11)
- Re: ipop3d (x2) / pine (x2) Oliver Xymoron (Apr 11)