Hi All,
I have Verizon service which provides an Actiontec gateway. The
gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update"
claims its up to date, even though there's been no updates for quite
some time, including patches to dhcp and libupnp).
Can anyone verify the certificate (and key pair) included with the
gateway is unique (or better, static)? Below are the thumbprints and
certificate details from OpenSSL after exporting the certificate (from
Firefox).
Bonus points: does anyone know how to generate a new certificate or
upload a new certificate? The Actiontec manual only mentions SSL
certificates when it says to ignore warnings and proceed because its
safe [1] (seriously!).
Thanks
Jeff
[1]
http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf
$ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint
SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11
$ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group
Validity
Not Before: Jun 3 11:11:43 2004 GMT
Not After : May 29 11:11:43 2024 GMT
Subject: C=US, CN=ORname_Jungo: OpenRG Products Group
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ce:3d:af:b0:ff:6a:39:22:e5:ac:dd:e5:76:31:
55:c4:a7:2a:8b:61:f6:52:71:bc:8f:a6:bd:a6:63:
cc:e4:6d:d2:82:e8:31:6a:cc:6e:9c:05:8e:d2:d3:
aa:a8:6d:58:d7:98:e8:10:32:4a:15:a0:ef:22:85:
b0:f5:34:1e:95:ff:8c:72:0e:03:30:24:9f:2e:49:
fa:5a:07:f2:72:cd:e7:de:a0:dc:fd:19:c8:3e:b3:
ec:29:2a:81:bc:e0:f4:c7:c9:f5:72:eb:13:13:0b:
06:7e:a8:2d:ba:24:b1:8f:aa:eb:bf:b9:cc:04:96:
31:f2:d1:65:58:3e:66:fd:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE, pathlen:5
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment,
Data Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Client Authentication, Code Signing, E-mail
Protection, TLS Web Server Authentication
Netscape Comment:
Jungo OpenRG Products Group standard certificate
Netscape Cert Type:
SSL Client, SSL Server, SSL CA
Signature Algorithm: md5WithRSAEncryption
9e:d6:d6:cd:8f:e4:52:1a:ad:77:99:4d:f9:91:18:da:06:12:
92:df:5f:5a:88:8b:66:87:7d:86:03:2c:d7:82:3e:24:64:56:
b9:10:f5:ad:ef:77:c2:f9:45:d4:51:6f:c4:93:a4:cf:63:0b:
73:47:64:47:4c:f4:fd:6d:fa:cf:b4:f0:ef:2a:49:53:ff:35:
77:29:ed:6b:dc:88:58:b4:b2:c1:d9:f5:fd:8e:80:ed:5e:81:
c3:24:05:46:e2:65:83:6f:e7:0c:ff:ad:52:5b:5c:e9:c5:db:
51:ef:06:75:39:b6:20:04:c0:cc:44:7c:38:a1:91:6c:13:2d:
5e:ab
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
