[31972] in bugtraq
Conexant Access Runner DSL Console login bypass vulnerability
daemon@ATHENA.MIT.EDU (Chris Norton)
Sat Oct 4 15:41:16 2003
Date: 4 Oct 2003 14:13:40 -0000
Message-ID: <20031004141340.18370.qmail@sf-www1-symnsj.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Chris Norton <kicktd@hotmail.com>
To: bugtraq@securityfocus.com
A vulnerability has been discovered in the Conexant Access Runner DSL Console Port 3.21. This vulnerability will let a remote attacker bypass the login screen and have full admin rights even if admin password is set. The login bypass works in the following way:
When at login screen you may press any key to get the invalid password, please try again message. At this point all an attacker has to do is tap the [ENTER] key to gain access to the main menu of the system with admin rights.
This has been found to work on all 3.21 versions. At this time I am not aware of a fix as I could not get in contact with Conexant about this issue.
