Bugtraq: Lousy password handling in BreezeCOM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Lousy password handling in BreezeCOM

From: steelfire () PLUTTEN HL LU SE (Mr. SteelFire)
Date: Thu, 10 Dec 1998 15:16:37 +0100


BreezeCOM adapters are used in wireless LAN environments and like any
communication device (switches, routers etc.) you need a password to
access the adapter.
BreezeCOM has choosed to use a burned-in factory standard password for
their adapters which really is a stupid way to handle this. They have
different passwords for different version which you cannot change and the
passwords are the following:
4.x     Super
3.x     Master
2.x     laflaf
As far as I'm concerned the passwords above works with SA (Station
Adapter) 10, SA 40 and AP (Access Point) 10.
One thing that should be pointed out is that it's not possible to access
the adapters remote (not telnet etc.) so the security problem is local.

/Steelfire
(Not the game, the real me.)

By Date By Thread

Current thread:

[SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Security Research Team (Dec 03)
- Breaking into houses to steal the security systems... Was: Dr. Mudge (Dec 03)
- <Possible follow-ups>
- Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 robert.flannigan () PLATINUM COM (Dec 07)
  - Call For Papers Marco de Vivo [UCV] (Dec 07)
  - Lousy password handling in BreezeCOM Mr. SteelFire (Dec 10)
    - Re: Lousy password handling in BreezeCOM Thilo Hille (Dec 10)
    - NSA paper on computer security Kragen (Dec 11)
    - about the ip header id Salvatore Sanfilippo (Dec 14)
    - Learning security Kevin M. Myer (Dec 14)
  - Administrivia Aleph One (Dec 10)