RE: RE: Pentesting a Web Application

From: Stong, Ian C CTR DISA GIG-CS (Ian.Stong.ctr@disa.mil)
Date: Fri Jun 01 2007 - 15:12:02 EDT


Just for clarification - I have backups of the configs and could reset
the device and reload the config but as soon as you do that it also
restores the password. In addition you can't change the password without
knowing the old password.

And it's not actually the model listed and it's not a work device.
Didn't want to give away the actual model number, IP address and code
version, etc. in case someone got bored and tried to hack away at it
externally :)

 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of ebk_lists@hotmail.com
Sent: Friday, June 01, 2007 2:01 PM
To: pen-test@securityfocus.com
Subject: Re: RE: Pentesting a Web Application

Indeed. I would recommend not caching passwords in windoze for one, and
for two backing up configs in critical devices such as this one.

And on that note, this seems like a lot (VOIP, VPN, NAT, etc.) to run on
a little SoHo router like this. Especially one this old that doesn't
even support WPA. Can't DISA get you a real router?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic See HOW Now with our 20/20
program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:51 EDT