Bugtraq mailing list archives
Re: hacking the mitsubishi GB-50A
From: Chris Withers <chris () simplistix co uk>
Date: Tue, 25 Mar 2008 13:48:18 +0000
Desai, Ashish wrote:
If you read your own post you would realize that Mitsubishi kept the device ipaddress prefix as 192.168.1 so only you can attackyourself.
Well, as James pointed out already, this reply is a little silly.But, just to be clear, if Mitsubishi had explicitly documented that this device should only be used on a private network and had no access controls, I don't think I'd have a problem.
However, they show a username/password box (which I'm betting is fairly easilly circumvented if you know the right urls and can forge a cookie on the client...) so I think it's fair game to expect them to implement some kind of real security.
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Current thread:
- hacking the mitsubishi GB-50A Chris Withers (Mar 22)
- RE: hacking the mitsubishi GB-50A Desai, Ashish (Mar 24)
- RE: hacking the mitsubishi GB-50A James C. Slora Jr. (Mar 24)
- Re: hacking the mitsubishi GB-50A Vincent Archer (Mar 25)
- Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A Joe (Mar 25)
- Re: hacking the mitsubishi GB-50A Chris Withers (Mar 25)
- RE: hacking the mitsubishi GB-50A James C. Slora Jr. (Mar 24)
- <Possible follow-ups>
- Re: hacking the mitsubishi GB-50A Steven M. Christey (Mar 26)
- Re: hacking the mitsubishi GB-50A Chris Withers (Mar 26)
- RE: hacking the mitsubishi GB-50A Desai, Ashish (Mar 24)