Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Webramp M3 login info

Webramp M3 login info

the_coyoteGEOCITIES.COM
Sat, 18 Apr 1998 16:34:53 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Raymond Dijkxhoorn: "Re: Nasty security hole in "lprm""
Previous message: Chris Evans: "Re: Nasty security hole in "lprm""
Next in thread: Niek Jongerius: "Re: Webramp M3 login info"

This Seems to be a new problem (if it has been reported
I have never seen it)

The Product :

Webramp M3
from Ramp Networks, Inc

The Problem

  I have encountered one of these routers logged into a Dial-up
account. It has the setup web pages world readable via http thus
giving out all login info (including password) for the dial up
account. It also gives a hang-up option that may allow for DoS
attacks.

  Currently it is unknown if this is just  one misconfigured router or
  a wide spread problem.

It would however be terribly easy to write  A script to harvest this
info.


The Cure :
Unknown

The abuse possibilities of this problem are endless does  anyone
know of a fix or workaround ?

Next message: Raymond Dijkxhoorn: "Re: Nasty security hole in "lprm""
Previous message: Chris Evans: "Re: Nasty security hole in "lprm""
Next in thread: Niek Jongerius: "Re: Webramp M3 login info"