Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: SMC7004VB sensitive information leak

SMC7004VB sensitive information leak

From: Alexander Müller <alexander.mueller_at_electronic-security.de>
Date: Sun, 31 Aug 2003 23:00:42 +0200 (Westeuropäische Sommerzeit)

:: Advisory

Vulnerable: SMC7004VB sensitive information leak
Found: July 25th 2003
Vendor: SMC
Vendor notified: August 15th 2003
Vendor response: Answered but is on vacation.
Public release: August 31th 2003

Vulnerability:

An incorrect configuration in the SMC7004VB router allows you
to steal usernames and passes.
You can also use the IP without spoofing.

Some days ago, I scanned the IP of a teammember and LANguard
detected an installed proxy.
I tried to visit the homepage of this proxy...
But there was none. I used the proxy and opened the page again.
A saw a loginscript and tried some passes (username isn't required).
I tested some passes but the proxy didn't block.
Therefore I started a Bruteforceattack and after this I
noticed, the proxy did not block after thousands of passes.
I aborted this test.

That was the proof that you can get the pass with a stupid
working attack

Alexander Müller
Electronic Security
www.EC-Security.com

Thanks to: mo (Kryptocrew.de), Fabian Becker (Electronic Security)
Received on Sep 02 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]