Bugtraq: Re: hacking the mitsubishi GB-50A

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: hacking the mitsubishi GB-50A

From: Chris Withers <chris () simplistix co uk>
Date: Tue, 25 Mar 2008 13:48:18 +0000

Desai, Ashish wrote:

If you read your own post you would realize that Mitsubishikept the device ipaddress prefix as 192.168.1 so only you can attack
yourself.


Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that thisdevice should only be used on a private network and had no accesscontrols, I don't think I'd have a problem.

However, they show a username/password box (which I'm betting is fairlyeasilly circumvented if you know the right urls and can forge a cookieon the client...) so I think it's fair game to expect them to implementsome kind of real security.


cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

By Date By Thread

Current thread:

hacking the mitsubishi GB-50A Chris Withers (Mar 22)
- RE: hacking the mitsubishi GB-50A Desai, Ashish (Mar 24)
  - RE: hacking the mitsubishi GB-50A James C. Slora Jr. (Mar 24)
    - Re: hacking the mitsubishi GB-50A Vincent Archer (Mar 25)
    - Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A Joe (Mar 25)
  - Re: hacking the mitsubishi GB-50A Chris Withers (Mar 25)
- <Possible follow-ups>
- Re: hacking the mitsubishi GB-50A Steven M. Christey (Mar 26)
  - Re: hacking the mitsubishi GB-50A Chris Withers (Mar 26)