Bugtraq: Re: Lousy password handling in BreezeCOM

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Lousy password handling in BreezeCOM

From: hille () DARKGATE EQUINOXE DE (Thilo Hille)
Date: Thu, 10 Dec 1998 20:21:43 +0100


as far as i know its possible to set installerrights via snmp.
there is also a kind of DOS in the way of updating the firmware.
the tftpserver requires no authorization to upload the firmware and reset.
so someone could easily upload any file.
after that you have to send the affected device to breezecom to
get a new firmware cause the tftpserver is part of the firmware....

the only protection is to set up no ip-configuration.


Thilo Hille
Equinoxe Internet Galerie
Adlerstr.7
79098 Freiburg

Fon: 0761-382263
Fax: 0761-382265
email: hille () equinoxe de
***** www.equinoxe.de *******

By Date By Thread

Current thread:

[SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Security Research Team (Dec 03)
- Breaking into houses to steal the security systems... Was: Dr. Mudge (Dec 03)
- <Possible follow-ups>
- Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 robert.flannigan () PLATINUM COM (Dec 07)
  - Call For Papers Marco de Vivo [UCV] (Dec 07)
  - Lousy password handling in BreezeCOM Mr. SteelFire (Dec 10)
    - Re: Lousy password handling in BreezeCOM Thilo Hille (Dec 10)
    - NSA paper on computer security Kragen (Dec 11)
    - about the ip header id Salvatore Sanfilippo (Dec 14)
    - Learning security Kevin M. Myer (Dec 14)
  - Administrivia Aleph One (Dec 10)
    - RealSystem passwords Guy Cohen (Dec 10)