Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Beck IPC GmbH [email protected] TelnetD Account Enumeration Vulnerability

Beck IPC GmbH [email protected] TelnetD Account Enumeration Vulnerability

by platon on June 3rd, 2001 The [email protected] is a single-chip embedded webserver from Beck GmbH...


The device's inbuilt telnetd service may allow a remote user to confirm names of valid telnet accounts.

When an attacker attempts to login to the telnet service with a given user ID, the attacker receives a prompt for the password only if the supplied account name exists. This confirms for the attacker that the given ID is valid.

In combination with brute-force password techniques, to which this device is reportedly vulnerable, this can permit a remote attacker to compromise arbitrary accounts on the system. Properly exploited, this can lead to a compromise of the device's normal operation.

The vendor reports that this has been fixed, and that a "test version is available upon request."

[Homepage]


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »