[6542] in bugtraq
Webramp M3 login info
daemon@ATHENA.MIT.EDU (the_coyote@GEOCITIES.COM)
Mon Apr 20 13:26:26 1998
Date: Sat, 18 Apr 1998 16:34:53 -0700
Reply-To: the_coyote@GEOCITIES.COM
From: the_coyote@GEOCITIES.COM
To: BUGTRAQ@NETSPACE.ORG
This Seems to be a new problem (if it has been reported
I have never seen it)
The Product :
Webramp M3
from Ramp Networks, Inc
The Problem
I have encountered one of these routers logged into a Dial-up
account. It has the setup web pages world readable via http thus
giving out all login info (including password) for the dial up
account. It also gives a hang-up option that may allow for DoS
attacks.
Currently it is unknown if this is just one misconfigured router or
a wide spread problem.
It would however be terribly easy to write A script to harvest this
info.
The Cure :
Unknown
The abuse possibilities of this problem are endless does anyone
know of a fix or workaround ?
