At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
>It involves a bug that allows a password recovery feature to be utilized
>from the LAN or WAN instead of just the serial console port.
>
>Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
>allow you to get access to the box to do whatever you want.  It appears as
>if the problem started in 3.0.4, but I am not totally certain about that.

So the vulnerability is essentially a brute force against telnet/snmp?
Assuming you filter those out, is there another way of accessing?

>--
>  Scott M. Drassinower                                       [EMAIL PROTECTED]
>  Cloud 9 Consulting, Inc.                                    White Plains, NY
>  +1 914 696-4000                                        http://www.cloud9.net
>
>On Thu, 5 Aug 1999, Matt wrote:
>
> > The following URL contains information about a firmware upgrade for
> > FlowPoint DSL routers that fixes a possible "security compromise".
> > FlowPoint has chosen not to release ANY information whatsoever about the
> > vulnerability. I was curious if anyone had any more information
> > about this vulnerability than what FlowPoint is divulging.
> >
> > http://www.flowpoint.com/support/techbulletin/sec308.htm
> >
> > thnx
> >
> > --
> > I'm not nice, I'm vicious--it's the secret of my charm.
> >

--
PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt

Reply via email to