Full Disclosure mailing list archives
Re: Drive-by Pharming
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Fri, 16 Feb 2007 10:49:47 -0500
On Thur, 16 Feb 2007 02:00:00 +0800, psirt () cisco com <psirt () cisco com> wrote:
As the paper does not disclose any new vulnerability in Cisco products, Cisco is issuing this response and not a Security Advisory. The purpose of this response is to inform customers how to change any default credentials which may ship pre-configured on an impacted Cisco router (identified below), upon initial configuration and before the device is connected to a public network.
The Drive-by Pharming paper also relied on exploiting CSRF vulnerabilities in the router web administration interfaces. Changing the passwords does a lot to mitigate the risk, but the CSRF vulnerabilities should be fixed.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/