[27389] in bugtraq

Plain text DDNS password in NetGear FM114P backups

daemon@ATHENA.MIT.EDU (Marc Ruef)
Thu Oct 10 16:54:25 2002

Message-ID: <3DA5BD25.F5C054C1@computec.ch>
Date: Thu, 10 Oct 2002 19:47:17 +0200
From: Marc Ruef <marc.ruef@computec.ch>
MIME-Version: 1.0
To: bugtraq@securityfocus.com, submissions@packetstormsecurity.org,
        news@securiteam.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi!

I was checking the vulnerability "NETGEAR FVS318 Firewall Router
Username/Password Disclosure"[1] on my NetGear FM114P. My little box
doesn't store the web login username and password in plain text.

But the DDNS (DynDNS) account data is stored in plaintext; this problem
seems to exist up to Firmware 1.3 Release 05. Also, some interesting
information, like the MAC address filtering table, is stored in
plain text.

It could be that NetGear will encrypt the whole backup settings in an
upcoming firmware to serve additional backup security.

Bye, Marc

[1] http://www.securiteam.com/securitynews/5TP0Y008AQ.html

-- 
Computer, Technik und Security
http://www.computec.ch
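
One way to repeat the check described in the message against a backup of your own device, as an added example that is not part of the original post: it looks for secrets you already know (such as your DDNS password) and for MAC addresses inside a saved settings file. The function names, key names and sample blob are constructed for illustration and do not reflect the FM114P's actual backup format.

```python
import base64
import re

# Constructed sample blob (NOT the real FM114P backup layout): the DDNS
# password is stored as-is, the web login password only as opaque bytes.
SAMPLE_BACKUP = (
    b"\x00\x01CFG"
    b"ddns_user=example-user\x00"
    b"ddns_pass=Constructed-Pw-1\x00"
    b"admin_pass=\x8f\x12\xa0\x44\x9c\x07\x00"
    b"macfilter=00:11:22:33:44:55,00:11:22:33:44:66\x00"
)

# MAC addresses written as text, e.g. entries of a MAC filter table.
MAC_RE = re.compile(
    rb"(?<![0-9A-Fa-f:-])(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:-])"
)

def _variants(secret: str) -> dict[str, bytes]:
    """Byte forms under which a stored secret is still trivially recoverable."""
    raw = secret.encode("utf-8")
    return {
        "plain": raw,
        "utf-16le": secret.encode("utf-16-le"),
        # Only matches when the secret was base64-encoded on its own.
        "base64": base64.b64encode(raw),
    }

def audit_backup(blob: bytes, known_secrets: dict[str, str]):
    """Return sorted (label, encoding, offset) for each known secret in blob."""
    findings = []
    for label, secret in known_secrets.items():
        if not secret:
            continue  # an empty needle would match at every offset
        for enc, needle in _variants(secret).items():
            start = 0
            while (pos := blob.find(needle, start)) != -1:
                findings.append((label, enc, pos))
                start = pos + 1
    return sorted(findings, key=lambda f: f[2])

def find_macs(blob: bytes) -> list[str]:
    """Return MAC addresses that appear as readable text in blob."""
    return [m.group().decode("ascii").lower() for m in MAC_RE.finditer(blob)]
```

Run `audit_backup` with the credentials you configured on the device; any hit means that value can be read straight out of the backup file by anyone who obtains it.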
