Penetration Testing mailing list archives
RE: RE: Pentesting a Web Applicaton
From: "Stong, Ian C CTR DISA GIG-CS" <Ian.Stong.ctr () disa mil>
Date: Fri, 1 Jun 2007 15:12:02 -0400
Just for clarification - I have backups of the configs and could reset the device and reload the config but as soon as you do that it also restores the password. In addition you can't change the password without knowing the old password. And it's not actually the model listed and it's not a work device. Didn't want to give away the actual model number, IP address and code version, etc in case someone got bored and tried to hack away at it externally :) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ebk_lists () hotmail com Sent: Friday, June 01, 2007 2:01 PM To: pen-test () securityfocus com Subject: Re: RE: Pentesting a Web Applicaton Indeed. I would recommend not caching passwords in windoze for one, and for two backing up configs in critical devices such as this one. And on that note, this seems like a lot (VOIP, VPN, NAT, etc) to run on a little SoHo router like this. Especially one this old that doesn't even support WPA. Can't DISA get you a real router? ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Re: Pentesting a Web Applicaton Haroon Meer (Jun 01)
- <Possible follow-ups>
- RE: Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (Jun 01)
- Message not available
- RE: Pentesting a Web Applicaton Peter Wood (Jun 01)
- Message not available
- Re: Pentesting a Web Applicaton Jamie Riden (Jun 01)
- Re: Pentesting a Web Applicaton sherwyn . williams (Jun 01)
- Re: RE: Pentesting a Web Applicaton ebk_lists (Jun 01)
- RE: RE: Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (Jun 01)
- Re: RE: Pentesting a Web Applicaton Jamie Riden (Jun 01)
- Re: RE: Pentesting a Web Applicaton sherwyn . williams (Jun 01)
- RE: RE: Pentesting a Web Applicaton Alex Balayan (Jun 11)
- RE: RE: Pentesting a Web Applicaton Stong, Ian C CTR DISA GIG-CS (Jun 01)
- Re: Pentesting a Web Applicaton Hylton Conacher (ZR1HPC) (Jun 04)