Standard User glossywhite
(member) Thu 10-Oct-13 21:04:09

Bright Box plain-text security leaks

 
I put these URLs into a browser on a machine in my network... a machine that has NEVER connected to the router pages... and it gives up PLAIN TEXT security data... try them yourselves.

The machine was not even logged in on the router!


Browser: "Give me all your security credentials"

Router: "Oh, okay!"


http://192.168.1.1/cgi/cgi_status.js?t=1381432913046

http://192.168.1.1/cgi/cgi_wifi_wpa.js?t=1381433787099

http://192.168.1.1/cgi/cgi_atmint.js?t=1381434119553

http://192.168.1.1/cgi/cgi_status.js?t=1381434119550

http://192.168.1.1/cgi/cgi_security_log.js?t=1381434403382

http://192.168.1.1/cgi/cgi_wireless_wps.js?t=1381434403382

Edited by glossywhite (Thu 10-Oct-13 21:04:52)
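
Added example (not part of the original post, and not EE's or the forum's code): a Python check an owner can run against their own Bright Box to see which of the paths quoted above are served to a client with no session. The base address and paths come from the post; treating `t` as a cache-busting timestamp and the verdict names are assumptions.

```python
import sys
import time
import urllib.error
import urllib.request

# Paths quoted in the post above (constructed list; query string dropped).
PATHS = [
    "/cgi/cgi_status.js",
    "/cgi/cgi_wifi_wpa.js",
    "/cgi/cgi_atmint.js",
    "/cgi/cgi_security_log.js",
    "/cgi/cgi_wireless_wps.js",
]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a bounce to a login page shows up as 3xx."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def check(base_url, path, timeout=5):
    """Fetch one path with no cookies or credentials and classify the reply."""
    # build_opener adds no cookie or auth handlers; ProxyHandler({}) skips proxies.
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    # Assumption: t is only a cache-busting millisecond timestamp.
    url = f"{base_url.rstrip('/')}{path}?t={int(time.time() * 1000)}"
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096)
    except urllib.error.HTTPError as err:
        refused = err.code in (301, 302, 303, 307, 308, 401, 403)
        return "protected" if refused else f"http-{err.code}"
    except OSError:  # URLError, timeouts and refused connections
        return "unreachable"
    # A 200 with content and no session: review the body by hand, since a
    # login form served with status 200 would also land here.
    return "exposed" if body.strip() else "empty"

def audit(base_url, paths=PATHS, timeout=5):
    """Return {path: verdict} for every path in the list."""
    return {path: check(base_url, path, timeout) for path in paths}

if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "http://192.168.1.1"
    for path, verdict in audit(base).items():
        print(f"{verdict:12} {path}")
```

Run it from a device that has never signed in to the router's admin pages, for example one on the guest SSID, which is the situation the post describes.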

Standard User Mike_Williams
(committed) Fri 11-Oct-13 11:57:07

Re: Bright Box plain-text security leaks

[re: glossywhite]
 
Does this leak occur externally?

Regards
Mike Williams

Info :-
Line: Length 250 metres
Modem router: Buffalo wbmr-hp-g300h + LinkSys wg54g both running dd-wrt firmware
IP Profile = Down 19418 kbps Up 1019 kbps

2012: EE WBC 20Mbps Down: 22010 kbps Up: 1019 kbps
2003: Demon ADSLMax 8Mbps Down: 8128 kbps Up: 448 kbps
Standard User XRaySpeX
(eat-sleep-adslguide) Fri 11-Oct-13 13:33:42

Re: Bright Box plain-text security leaks

[re: glossywhite]
 
To save copy & paste and Typed URLs:
In reply to a post by glossywhite:
http://192.168.1.1/cgi/cgi_status.js?t=1381432913046
http://192.168.1.1/cgi/cgi_wifi_wpa.js?t=1381433787099
http://192.168.1.1/cgi/cgi_atmint.js?t=1381434119553
http://192.168.1.1/cgi/cgi_status.js?t=1381434119550
http://192.168.1.1/cgi/cgi_security_log.js?t=1381434...
http://192.168.1.1/cgi/cgi_wireless_wps.js?t=1381434...


1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC


Standard User XRaySpeX
(eat-sleep-adslguide) Fri 11-Oct-13 13:50:38

Re: Bright Box plain-text security leaks

[re: glossywhite]
 
Yes, script failure on IE8 but works on FF24.

Does it matter that someone on my network who is able to spend ages generating random #s can eventually see my 3 passwords, cuz that's all that's secret that's revealed?

Standard User glossywhite
(member) Fri 11-Oct-13 18:28:15

Re: Bright Box plain-text security leaks

[re: XRaySpeX]
 
In reply to a post by XRaySpeX:
Yes, script failure on IE8 but works on FF24.

Does it matter that someone on my network who is able to spend ages generating random #s can eventually see my 3 passwords, cuz that's all that's secret that's revealed?


If you were a guest on one of the virtual networks (which could be left open), I'd have to suppose that, yes - it would matter a LOT.


[Update]

Just connected to my OPEN virtual WiFi on the Bright Box, and it hands over the info no questions asked. So, someone just has to connect to your open virtual network, inject the URL, and... WHOOPS! - they can now join ANY of your wireless networks, and view all your shares.

Seems like an issue to me.

Edited by glossywhite (Fri 11-Oct-13 19:41:45)

Standard User XRaySpeX
(eat-sleep-adslguide) Fri 11-Oct-13 19:17:52

Re: Bright Box plain-text security leaks

[re: glossywhite]
 
What virtual networks might I have & how might they be left open?

As far as I know I only use the router in a normal way and only have SSID1 & VLAN1 enabled, if that's what you are talking about.

Standard User XRaySpeX
(eat-sleep-adslguide) Fri 11-Oct-13 19:47:44

Re: Bright Box plain-text security leaks

[re: glossywhite]
 
To issue any of these commands the intruder will first have to connect to the router and pass its authentication. Chicken & egg!

And if he could do that then he could just as well access all this info thro' its standard GUI without needing these arcane commands.

Standard User glossywhite
(member) Fri 11-Oct-13 19:59:49

Re: Bright Box plain-text security leaks

[re: XRaySpeX]
 
In reply to a post by XRaySpeX:
What virtual networks might I have & how might they be left open?

As far as I know I only use the router in a normal way and only have SSID1 & VLAN1 enabled, if that's what you are talking about.


If a case study was carried out about Bright Box routers and their usage, and you were the sole participant, then that would be acceptable I suppose, but you're not. It's a security flaw - anyone can see that.

Think outside of your own personal situation, and realise that people DO use these features - I for one, use them - if people do not use them, why are they there? I have friends who own shops who provide a WiFi segment for customers, open, and their own protected network for their own use.

Phrase it however you wish - a flaw is a flaw, and it's a demonstrable one too.

Edited by glossywhite (Fri 11-Oct-13 20:05:06)

Standard User XRaySpeX
(eat-sleep-adslguide) Fri 11-Oct-13 20:18:49

Re: Bright Box plain-text security leaks

[re: glossywhite]
 
I was simply asking you a Q of your superior knowledge of routers. I was never implying that I was a representative user; simply enquiring how this flaw you identified might affect me.

If you are not prepared to answer then so be it! It would seem to be unimportant.

There was no need for your sarcasm and condescension.

Standard User glossywhite
(member) Fri 11-Oct-13 20:27:45

Re: Bright Box plain-text security leaks

[re: XRaySpeX]
 
In reply to a post by XRaySpeX:
I was simply asking you a Q of your superior knowledge of routers. I was never implying that I was a representative user; simply enquiring how this flaw you identified might affect me.

If you are not prepared to answer then so be it! It would seem to be unimportant.

There was no need for your sarcasm and condescension.


I did not intend to be patronising, sorry.

Look - the flaw is the flaw, and it's there - you can decide how it impacts you, with reasoning and common sense, not me. I'm not a personal IT consultant - it's obvious, is it not, that if you perceive no issue, then you perceive no risk; the fact that it is present is obvious and has been shown. That's all that can be said, really.

Edited by glossywhite (Fri 11-Oct-13 20:34:00)
