[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Conexant Access Runner DSL Console login bypass vulnerability

To: bugtraq@securityfocus.com
Subject: Conexant Access Runner DSL Console login bypass vulnerability
From: Chris Norton <kicktd@hotmail.com>
Date: 4 Oct 2003 14:13:40 -0000


A vulnerability has been discovered in the Conexant Access Runner DSL Console 
Port 3.21. This vulnerability will let a remote attacker bypass the login 
screen and have full admin rights even if admin password is set. The login 
bypass works in the following way:

When at login screen you may press any key to get the invalid password, please 
try again message. At this point all an attacker has to do is tap the [ENTER] 
key to gain access to the main menu of the system with admin rights. 

This has been found to work on all 3.21 versions. At this time I am not aware 
of a fix as I could not get in contact with Conexant about this issue.

Prev by Date: Re: New IE crash: CSS + HTML
Next by Date: Re: Cisco 6509 switch telnet vulnerability
Previous by thread: PHP-Nuke v 6.7 + Windows = File Upload
Next by thread: [CLA-2003:760] Conectiva Security Announcement - mplayer
Index(es):
- Date
- Thread