Bugtraq mailing list archives
Re: Accesspoints disclose wep keys, password and mac filter (fwd)
From: tenty () overkillnetworks com
Date: Sat, 9 Nov 2002 06:40:49 +0800
Quoting informatik.koerfer () web de:
In-Reply-To: <20021106185730.15557.qmail () mail securityfocus com>
Possibly vulnerable, not tested, OEM Version from GlobalSunTech: D-Link DWL-900AP+ B1 version 2.1 and 2.2
<snip>
The D-Link DWL-900AP+ B1 2.1 isn't affected.
I'm sorry, this device IS vulnerable, I believe ALL others are as well. The source code posted is only a proof of concept, slight modifications will deliver the correct result.
<snip>

Just a little FYI: I upgraded to the latest firmware located on the support.dlink.com site. It seems as though this is vulnerable as well and returns:

Type : GL2422AP-00-0M0 T1.0 -042.3
Announced Name: DWL-900AP+
Admin Username: admin
Admin Password: admin
SSID : default
Wep Key : 00 00 00 00 00 00 00 00 00 00 00 00 00

(The Wep Key, Admin password, and SSID have been changed to protect the innocent)

Again, this is the latest firmware located on the dlink support site:

Firmware Version 2.3 , Tue, 29 Sep 2002

which was apparently released on the 4th November 2002, as per the information on their site. The site clearly explains, though, that it is only an upgrade to secure TFTP and nothing else.

The information was extracted using the "Altered Test Prog" (and a bit of tweaking) that /håkan supplied in previous posts.

Correct me if I'm wrong, and being quite new to the security scene, I imagine I would be, but wouldn't the most logical step for firewalling be to update a ruleset that doesn't allow network-wide broadcasts, if it can be helped, that is?

If anyone needs me to run some more tests, just let me know what to run.

Cheers
-TenTaCLE

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/