Re: Remote Administrator 2.x: highly possible remote hole or backdoor

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: Remote Administrator 2.x: highly possible remote hole or backdoor
From: "Pavel Levshin" <flicker@xxxxxxxxxxxx>
Date: Fri, 20 Feb 2004 02:06:16 +0300
Fl-build: Fidolook 2002 (SL) 6.0.2800.85 - 28/1/2003 19:07:30
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: There is no such place
References: <03AA00992043DF42B09EADB1D11D82F3076F253D@xxxxxxxxxxxxx>

Hello, LordInfidel@xxxxxxxxxxxxxxxx!
You wrote to "'Pavel Levshin'" <flicker@xxxxxxxxxxxx>;
<bugtraq@xxxxxxxxxxxxxxxxx> on Wed, 18 Feb 2004 13:58:58 -0500:

 L> From reading the thread on famatech's site, this looks more like a weak
 L> password issue, which is true of "ANY" piece of software
 L> using simple password authentication.

The password mentioned there was word "sharpest" (which is not Very Best
choice, but...). The attacker was able to connect on second attempt (first
after portscan, actually). There must be GREAT optimization of dictionary
attack to achieve such result.


With best regards, Pavel Levshin.  E-mail: flicker@xxxxxxxxxxxx

References:
- RE: Remote Administrator 2.x: highly possible remote hole or back door
  - From: LordInfidel

Prev by Date: [CLA-2004:821] Conectiva Security Announcement - XFree86
Next by Date: Re: SNMP community string disclosure in Linksys WAP55AG
Previous by thread: Re: Remote Administrator 2.x: highly possible remote hole or back door
Next by thread: LiveJournal XSS
Index(es):
- Date
- Thread