Bugtraq mailing list archives
Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point
From: Yossi Yakubov <yos20053 () gmail com>
Date: Tue, 15 Sep 2009 22:27:31 +0300
Hi My name is Yossi Yakubov and i am a security researcher. Recently me and my collegues found the following vulnerability in the 3Com Wireless8760 web administration interface: If one user is authenticated to the web interface, other users can access to internal pages without further authentication. That means that one opened Session is enough between the user and web administration , and other users can also access to the web administration interface. Malicious user can wait until ones logins to the interface and then he can access and administer 3Com Wireless8760 Access Point without further authentication. Among different operations the malicious user can cause to Denial of Service (Dos) attack to the entire network by changing the configuration such as IP addresses. FYI Waiting for your review Best Regards Yossi Yakubov
Current thread:
- Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point Yossi Yakubov (Sep 15)