Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Authentication Issue DD-WRT
From: "João Francisco" <jfcastilho () gmail com>
Date: Thu, 26 Oct 2006 14:15:46 -0300

Does anyone noticed that to authenticate in any wireless router running
DD-WRT firmware (lastest version), it only check the first 8 characters of
the password???
E.g. you can set the root password to yellowmonkey123 () 123 and when you try
to authenticate with yellowmonkey () blablabla ... got root!
Some other firmware users noticed and reported to the developer, but no
action was taken.
It´s a excelent firmware to use with linksys routers, many extras resources,
etc, but not from the security point of view.
João Castilho
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Authentication Issue DD-WRT João Francisco (Oct 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]