On Tue, Apr 30, 2013 at 5:23 AM, Steve Pirk <[email protected]> wrote: > Yikes! If I understand you correctly, you are saying the private key you > looked up was in the wild. Yes. To make matters worse, this crummy gateway was provided for a business line (but its the same as consumer). I was paying extra for this crap.
And it gets even better. I wanted to provide my own equipment, but I could not. I wanted to put a firewall in front of the device, but I could not. I can't get Verizon to close open WAN ports (even though Verizon/Actiontec have not patched the libupnp vulnerabilities). Try and convince me we don't need merchantability and liability laws in the technology sector.... > I give up :) Me too. Jeff > On Mon, Apr 29, 2013 at 7:17 PM, Jeffrey Walton <[email protected]> wrote: >> >> Well, this is not a good sign. I downloaded littleblackbox >> (https://code.google.com/p/littleblackbox/), which is a database of >> shared private keys. The program connects to the device or servers, >> fetches the certificate, and tries to find the private key in its >> database: >> >> jeffrey@ubuntu-12-x64:~/littleblackbox-0.1.3/bin$ ./littleblackbox -r >> 192.168.1.1:443 >> >> -----BEGIN RSA PRIVATE KEY----- >> MIICWwIBAAKBgQDOPa+w/2o5IuWs3eV2MVXEpyqLYfZScbyPpr2mY8zkbdKC6DFq >> zG6cBY7S06qobVjXmOgQMkoVoO8ihbD1NB6V/4xyDgMwJJ8uSfpaB/JyzefeoNz9 >> Gcg+s+wpKoG84PTHyfVy6xMTCwZ+qC26JLGPquu/ucwEljHy0WVYPmb9VQIDAQAB >> AoGAYrG+W9M+f+0lP95IKpFdW+grQdw1RirLc2r1oqRrrnynmqGG1HbUD7HRMS69 >> ojABrdqsYuPN9B+5kCmuDwlMANwIwV3ZwxE7A7Hy1tpi9PgckTjZW8rCl3ciEZkx >> Y+Xw9j9QGlSI6Hxthocb/4eCwwMenLrSZDj6oKuZ7DgJUJkCQQDl88c7RJsTS6HN >> ztAjFxpKobIgzy9u1AH15WDqqd2rawtJk2FTFcz0GrAy/gawKU42wFqZOKv28iMq >> 96fGcPN3AkEA5ZpSL+vQD1WAEd7Vv56zqmTOTpEOGoDD5zxfch4gvr8rCgU6hDmz >> 0Y3UQ7MRJrTNvVwYXpIUoazBBUZUfbpQkwJAagxTBXJOUke/BzspogU1itWnYJos >> NeBwRwbR+2b7Y+KqAfSGHdsf+jOUru+YBgYGnBl5rtAD/o8MyPQN2+abYQJABhbD >> mzW7vMxdqxunu38v8JLfzcGXCCjmCRnWxiX6ZFSZhZiB5sPI+wOx32G+ULJ2ylDI >> 7KkfFvKH4+Xrk7H/NQJAJWQusAs1tHhDDddvcvqe4J5q0qvNdOSTs0Cu2CimWPxe >> tfcz64o64XWgmCAaFq2pfaN4oC1kaGnIbUEdtIqNXw== >> -----END RSA PRIVATE KEY----- >> >> On Mon, Apr 29, 2013 at 2:23 AM, Jeffrey Walton <[email protected]> >> wrote: >> > Hi All, >> > >> > I have Verizon service which provides an Actiontec gateway. The >> > gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update" >> > claims its up to date, even though there's been no updates for quite >> > some time, including patches to dhcp and libupnp). >> > >> > Can anyone verify the certificate (and key pair) included with the >> > gateway is unique (or better, static)? Below are the thumbprints and >> > certificate details from OpenSSL after exporting the certificate (from >> > Firefox). >> > >> > Bonus points: does anyone know how to generate a new certificate or >> > upload a new certificate? The Actiontec manual only mentions SSL >> > certificates when it says to ignore warnings and proceed because its >> > safe [1] (seriously!). >> > >> > Thanks >> > Jeff >> > >> > [1] >> > http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf >> > >> > $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint >> > SHA1 >> > Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11 >> > >> > $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text >> > Certificate: >> > Data: >> > Version: 3 (0x2) >> > Serial Number: 0 (0x0) >> > Signature Algorithm: md5WithRSAEncryption >> > Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group >> > Validity >> > Not Before: Jun 3 11:11:43 2004 GMT >> > Not After : May 29 11:11:43 2024 GMT >> > Subject: C=US, CN=ORname_Jungo: OpenRG Products Group >> > Subject Public Key Info: >> > Public Key Algorithm: rsaEncryption >> > Public-Key: (1024 bit) >> > Modulus: >> > 00:ce:3d:af:b0:ff:6a:39:22:e5:ac:dd:e5:76:31: >> > 55:c4:a7:2a:8b:61:f6:52:71:bc:8f:a6:bd:a6:63: >> > cc:e4:6d:d2:82:e8:31:6a:cc:6e:9c:05:8e:d2:d3: >> > aa:a8:6d:58:d7:98:e8:10:32:4a:15:a0:ef:22:85: >> > b0:f5:34:1e:95:ff:8c:72:0e:03:30:24:9f:2e:49: >> > fa:5a:07:f2:72:cd:e7:de:a0:dc:fd:19:c8:3e:b3: >> > ec:29:2a:81:bc:e0:f4:c7:c9:f5:72:eb:13:13:0b: >> > 06:7e:a8:2d:ba:24:b1:8f:aa:eb:bf:b9:cc:04:96: >> > 31:f2:d1:65:58:3e:66:fd:55 >> > Exponent: 65537 (0x10001) >> > X509v3 extensions: >> > X509v3 Basic Constraints: >> > CA:TRUE, pathlen:5 >> > X509v3 Key Usage: >> > Digital Signature, Non Repudiation, Key Encipherment, >> > Data Encipherment, Certificate Sign >> > X509v3 Extended Key Usage: >> > TLS Web Client Authentication, Code Signing, E-mail >> > Protection, TLS Web Server Authentication >> > Netscape Comment: >> > Jungo OpenRG Products Group standard certificate >> > Netscape Cert Type: >> > SSL Client, SSL Server, SSL CA >> > Signature Algorithm: md5WithRSAEncryption >> > 9e:d6:d6:cd:8f:e4:52:1a:ad:77:99:4d:f9:91:18:da:06:12: >> > 92:df:5f:5a:88:8b:66:87:7d:86:03:2c:d7:82:3e:24:64:56: >> > b9:10:f5:ad:ef:77:c2:f9:45:d4:51:6f:c4:93:a4:cf:63:0b: >> > 73:47:64:47:4c:f4:fd:6d:fa:cf:b4:f0:ef:2a:49:53:ff:35: >> > 77:29:ed:6b:dc:88:58:b4:b2:c1:d9:f5:fd:8e:80:ed:5e:81: >> > c3:24:05:46:e2:65:83:6f:e7:0c:ff:ad:52:5b:5c:e9:c5:db: >> > 51:ef:06:75:39:b6:20:04:c0:cc:44:7c:38:a1:91:6c:13:2d: >> > 5e:ab _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
