funsec mailing list archives
Re: Verizon Service, Actiontec Gateway, and SSL Certifcate
From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 29 Apr 2013 22:17:53 -0400
Well, this is not a good sign. I downloaded littleblackbox (https://code.google.com/p/littleblackbox/), which is a database of shared private keys. The program connects to the device or servers, fetches the certificate, and tries to find the private key in its database: jeffrey@ubuntu-12-x64:~/littleblackbox-0.1.3/bin$ ./littleblackbox -r 192.168.1.1:443 -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDOPa+w/2o5IuWs3eV2MVXEpyqLYfZScbyPpr2mY8zkbdKC6DFq zG6cBY7S06qobVjXmOgQMkoVoO8ihbD1NB6V/4xyDgMwJJ8uSfpaB/JyzefeoNz9 Gcg+s+wpKoG84PTHyfVy6xMTCwZ+qC26JLGPquu/ucwEljHy0WVYPmb9VQIDAQAB AoGAYrG+W9M+f+0lP95IKpFdW+grQdw1RirLc2r1oqRrrnynmqGG1HbUD7HRMS69 ojABrdqsYuPN9B+5kCmuDwlMANwIwV3ZwxE7A7Hy1tpi9PgckTjZW8rCl3ciEZkx Y+Xw9j9QGlSI6Hxthocb/4eCwwMenLrSZDj6oKuZ7DgJUJkCQQDl88c7RJsTS6HN ztAjFxpKobIgzy9u1AH15WDqqd2rawtJk2FTFcz0GrAy/gawKU42wFqZOKv28iMq 96fGcPN3AkEA5ZpSL+vQD1WAEd7Vv56zqmTOTpEOGoDD5zxfch4gvr8rCgU6hDmz 0Y3UQ7MRJrTNvVwYXpIUoazBBUZUfbpQkwJAagxTBXJOUke/BzspogU1itWnYJos NeBwRwbR+2b7Y+KqAfSGHdsf+jOUru+YBgYGnBl5rtAD/o8MyPQN2+abYQJABhbD mzW7vMxdqxunu38v8JLfzcGXCCjmCRnWxiX6ZFSZhZiB5sPI+wOx32G+ULJ2ylDI 7KkfFvKH4+Xrk7H/NQJAJWQusAs1tHhDDddvcvqe4J5q0qvNdOSTs0Cu2CimWPxe tfcz64o64XWgmCAaFq2pfaN4oC1kaGnIbUEdtIqNXw== -----END RSA PRIVATE KEY----- On Mon, Apr 29, 2013 at 2:23 AM, Jeffrey Walton <noloader () gmail com> wrote:
Hi All, I have Verizon service which provides an Actiontec gateway. The gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update" claims its up to date, even though there's been no updates for quite some time, including patches to dhcp and libupnp). Can anyone verify the certificate (and key pair) included with the gateway is unique (or better, static)? Below are the thumbprints and certificate details from OpenSSL after exporting the certificate (from Firefox). Bonus points: does anyone know how to generate a new certificate or upload a new certificate? The Actiontec manual only mentions SSL certificates when it says to ignore warnings and proceed because its safe [1] (seriously!). Thanks Jeff [1] http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11 $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: md5WithRSAEncryption Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group Validity Not Before: Jun 3 11:11:43 2004 GMT Not After : May 29 11:11:43 2024 GMT Subject: C=US, CN=ORname_Jungo: OpenRG Products Group Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: 00:ce:3d:af:b0:ff:6a:39:22:e5:ac:dd:e5:76:31: 55:c4:a7:2a:8b:61:f6:52:71:bc:8f:a6:bd:a6:63: cc:e4:6d:d2:82:e8:31:6a:cc:6e:9c:05:8e:d2:d3: aa:a8:6d:58:d7:98:e8:10:32:4a:15:a0:ef:22:85: b0:f5:34:1e:95:ff:8c:72:0e:03:30:24:9f:2e:49: fa:5a:07:f2:72:cd:e7:de:a0:dc:fd:19:c8:3e:b3: ec:29:2a:81:bc:e0:f4:c7:c9:f5:72:eb:13:13:0b: 06:7e:a8:2d:ba:24:b1:8f:aa:eb:bf:b9:cc:04:96: 31:f2:d1:65:58:3e:66:fd:55 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE, pathlen:5 X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Certificate Sign X509v3 Extended Key Usage: TLS Web Client Authentication, Code Signing, E-mail Protection, TLS Web Server Authentication Netscape Comment: Jungo OpenRG Products Group standard certificate Netscape Cert Type: SSL Client, SSL Server, SSL CA Signature Algorithm: md5WithRSAEncryption 9e:d6:d6:cd:8f:e4:52:1a:ad:77:99:4d:f9:91:18:da:06:12: 92:df:5f:5a:88:8b:66:87:7d:86:03:2c:d7:82:3e:24:64:56: b9:10:f5:ad:ef:77:c2:f9:45:d4:51:6f:c4:93:a4:cf:63:0b: 73:47:64:47:4c:f4:fd:6d:fa:cf:b4:f0:ef:2a:49:53:ff:35: 77:29:ed:6b:dc:88:58:b4:b2:c1:d9:f5:fd:8e:80:ed:5e:81: c3:24:05:46:e2:65:83:6f:e7:0c:ff:ad:52:5b:5c:e9:c5:db: 51:ef:06:75:39:b6:20:04:c0:cc:44:7c:38:a1:91:6c:13:2d: 5e:ab
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Verizon Service, Actiontec Gateway, and SSL Certifcate Jeffrey Walton (Apr 28)
- Re: Verizon Service, Actiontec Gateway, and SSL Certifcate Jeffrey Walton (Apr 29)
- Re: Verizon Service, Actiontec Gateway, and SSL Certifcate Jeffrey Walton (Apr 29)
- Re: Verizon Service, Actiontec Gateway, and SSL Certifcate Steve Pirk (Apr 30)
- Re: Verizon Service, Actiontec Gateway, and SSL Certifcate Jeffrey Walton (Apr 30)
- Re: Verizon Service, Actiontec Gateway, and SSL Certifcate Steve Pirk (Apr 30)