Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Default SSL Keys in Multiple Routers
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Mon, 20 Dec 2010 16:36:15 +0000

LOL.  Yeah, it seems like I get myself in this cycle of "OMG, really?" followed by "maybe people are starting to learn" 
and then back to disappointment. 

To be honest, this was something that I never really considered (shared, persistent keys on routers).  In hindsight, it 
seems like an obvious concern, but it is still interesting.  


-----Original Message-----
From: Michal Zalewski [mailto:lcamtuf () coredump cx]
Sent: Monday, December 20, 2010 8:16 AM
To: Thor (Hammer of God)
Cc: Craig Heffner; full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Default SSL Keys in Multiple Routers

These manufacturers use the same key on each of their models?  That
seems ridiculous to me...

As a person who had a Siemens AP / router with a hardcoded, hidden
"management" account on it, I find your surprise entertaining ;-)

Craig, cool project.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]