Conexant Access Runner DSL Console login bypass vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Conexant Access Runner DSL Console login bypass vulnerability
From: Chris Norton <kicktd@xxxxxxxxxxx>
Date: 4 Oct 2003 14:13:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


A vulnerability has been discovered in the Conexant Access Runner DSL Console 
Port 3.21. This vulnerability will let a remote attacker bypass the login 
screen and have full admin rights even if admin password is set. The login 
bypass works in the following way:

When at login screen you may press any key to get the invalid password, please 
try again message. At this point all an attacker has to do is tap the [ENTER] 
key to gain access to the main menu of the system with admin rights. 

This has been found to work on all 3.21 versions. At this time I am not aware 
of a fix as I could not get in contact with Conexant about this issue.

Prev by Date: PHP-Nuke v 6.7 + Windows = File Upload
Next by Date: Re: Cisco 6509 switch telnet vulnerability
Previous by thread: PHP-Nuke v 6.7 + Windows = File Upload
Next by thread: [PAPER] Juggling with packets: floating data storage
Index(es):
- Date
- Thread