[20029] in bugtraq
Re: RG-1000 802.11 Residential Gateway default WEP key disclosure
daemon@ATHENA.MIT.EDU (thomas lakofski)
Wed Apr 4 22:00:07 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.31.0104041328350.10400-100000@io.88.net>
Date: Wed, 4 Apr 2001 13:33:45 +0100
Reply-To: thomas lakofski <thomas@88.NET>
From: thomas lakofski <thomas@88.NET>
X-To: Bill Arbaugh <waa@CS.UMD.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.SOL.4.21.0104022035070.6061-100000@laffytaffy.cs.umd.edu>
So, if I use a product which clearly states, in the instructions, that
the default password for WEP is set to a known value, and that this must be
changed, and I don't do this, it's the vendor's fault?
This 'vulnerability' beggars belief.
-thomas
On Mon, 2 Apr 2001, Bill Arbaugh wrote:
> Name: RG-1000 default network name and WEP key exposure
>
> Product: Orinoco RG-1000 (www.wavelan.com)
>
> Severity: An attacker can determine the network name (SSID), and
> current WEP encryption key-- allowing unrestricted
> access to the LAN.
--
Do what thou wilt shall be the whole of the Law.
-- Aleister Crowley
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d
2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43
