Yikes! If I understand you correctly, you are saying the private key you looked up was in the wild. I give up :)
-- steve <http://pirk.com> On Mon, Apr 29, 2013 at 7:17 PM, Jeffrey Walton <[email protected]> wrote: > Well, this is not a good sign. I downloaded littleblackbox > (https://code.google.com/p/littleblackbox/), which is a database of > shared private keys. The program connects to the device or servers, > fetches the certificate, and tries to find the private key in its > database: > > jeffrey@ubuntu-12-x64:~/littleblackbox-0.1.3/bin$ ./littleblackbox -r > 192.168.1.1:443 > > -----BEGIN RSA PRIVATE KEY----- > MIICWwIBAAKBgQDOPa+w/2o5IuWs3eV2MVXEpyqLYfZScbyPpr2mY8zkbdKC6DFq > zG6cBY7S06qobVjXmOgQMkoVoO8ihbD1NB6V/4xyDgMwJJ8uSfpaB/JyzefeoNz9 > Gcg+s+wpKoG84PTHyfVy6xMTCwZ+qC26JLGPquu/ucwEljHy0WVYPmb9VQIDAQAB > AoGAYrG+W9M+f+0lP95IKpFdW+grQdw1RirLc2r1oqRrrnynmqGG1HbUD7HRMS69 > ojABrdqsYuPN9B+5kCmuDwlMANwIwV3ZwxE7A7Hy1tpi9PgckTjZW8rCl3ciEZkx > Y+Xw9j9QGlSI6Hxthocb/4eCwwMenLrSZDj6oKuZ7DgJUJkCQQDl88c7RJsTS6HN > ztAjFxpKobIgzy9u1AH15WDqqd2rawtJk2FTFcz0GrAy/gawKU42wFqZOKv28iMq > 96fGcPN3AkEA5ZpSL+vQD1WAEd7Vv56zqmTOTpEOGoDD5zxfch4gvr8rCgU6hDmz > 0Y3UQ7MRJrTNvVwYXpIUoazBBUZUfbpQkwJAagxTBXJOUke/BzspogU1itWnYJos > NeBwRwbR+2b7Y+KqAfSGHdsf+jOUru+YBgYGnBl5rtAD/o8MyPQN2+abYQJABhbD > mzW7vMxdqxunu38v8JLfzcGXCCjmCRnWxiX6ZFSZhZiB5sPI+wOx32G+ULJ2ylDI > 7KkfFvKH4+Xrk7H/NQJAJWQusAs1tHhDDddvcvqe4J5q0qvNdOSTs0Cu2CimWPxe > tfcz64o64XWgmCAaFq2pfaN4oC1kaGnIbUEdtIqNXw== > -----END RSA PRIVATE KEY----- > > On Mon, Apr 29, 2013 at 2:23 AM, Jeffrey Walton <[email protected]> > wrote: > > Hi All, > > > > I have Verizon service which provides an Actiontec gateway. The > > gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update" > > claims its up to date, even though there's been no updates for quite > > some time, including patches to dhcp and libupnp). > > > > Can anyone verify the certificate (and key pair) included with the > > gateway is unique (or better, static)? Below are the thumbprints and > > certificate details from OpenSSL after exporting the certificate (from > > Firefox). > > > > Bonus points: does anyone know how to generate a new certificate or > > upload a new certificate? The Actiontec manual only mentions SSL > > certificates when it says to ignore warnings and proceed because its > > safe [1] (seriously!). > > > > Thanks > > Jeff > > > > [1] > http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf > > > > $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint > > SHA1 > Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11 > > > > $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: 0 (0x0) > > Signature Algorithm: md5WithRSAEncryption > > Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group > > Validity > > Not Before: Jun 3 11:11:43 2004 GMT > > Not After : May 29 11:11:43 2024 GMT > > Subject: C=US, CN=ORname_Jungo: OpenRG Products Group > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > Public-Key: (1024 bit) > > Modulus: > > 00:ce:3d:af:b0:ff:6a:39:22:e5:ac:dd:e5:76:31: > > 55:c4:a7:2a:8b:61:f6:52:71:bc:8f:a6:bd:a6:63: > > cc:e4:6d:d2:82:e8:31:6a:cc:6e:9c:05:8e:d2:d3: > > aa:a8:6d:58:d7:98:e8:10:32:4a:15:a0:ef:22:85: > > b0:f5:34:1e:95:ff:8c:72:0e:03:30:24:9f:2e:49: > > fa:5a:07:f2:72:cd:e7:de:a0:dc:fd:19:c8:3e:b3: > > ec:29:2a:81:bc:e0:f4:c7:c9:f5:72:eb:13:13:0b: > > 06:7e:a8:2d:ba:24:b1:8f:aa:eb:bf:b9:cc:04:96: > > 31:f2:d1:65:58:3e:66:fd:55 > > Exponent: 65537 (0x10001) > > X509v3 extensions: > > X509v3 Basic Constraints: > > CA:TRUE, pathlen:5 > > X509v3 Key Usage: > > Digital Signature, Non Repudiation, Key Encipherment, > > Data Encipherment, Certificate Sign > > X509v3 Extended Key Usage: > > TLS Web Client Authentication, Code Signing, E-mail > > Protection, TLS Web Server Authentication > > Netscape Comment: > > Jungo OpenRG Products Group standard certificate > > Netscape Cert Type: > > SSL Client, SSL Server, SSL CA > > Signature Algorithm: md5WithRSAEncryption > > 9e:d6:d6:cd:8f:e4:52:1a:ad:77:99:4d:f9:91:18:da:06:12: > > 92:df:5f:5a:88:8b:66:87:7d:86:03:2c:d7:82:3e:24:64:56: > > b9:10:f5:ad:ef:77:c2:f9:45:d4:51:6f:c4:93:a4:cf:63:0b: > > 73:47:64:47:4c:f4:fd:6d:fa:cf:b4:f0:ef:2a:49:53:ff:35: > > 77:29:ed:6b:dc:88:58:b4:b2:c1:d9:f5:fd:8e:80:ed:5e:81: > > c3:24:05:46:e2:65:83:6f:e7:0c:ff:ad:52:5b:5c:e9:c5:db: > > 51:ef:06:75:39:b6:20:04:c0:cc:44:7c:38:a1:91:6c:13:2d: > > 5e:ab > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. >
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
