Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Telindus 112x ADSL Router - Weak Password Encryption

Telindus 112x ADSL Router - Weak Password Encryption

by Nikola Strahija on December 30th, 2002 Telindus Router (series 112x) has a well-know authentication problem, which lets to extract router password from a UDP-dump sniffed over 9833 port.


More about this at:
http://www.securiteam.com/securitynews/5DP0A2K7GY.html
or
http://neworder.box.sk/showme.php3?id=6730

New firmware (6.0.27, Jul/2002)
tries to fix this problem using
an encypted packet during the UDP session,
but encryption scheme used is trivial
and it's easy to decrypt the password
knowing only the router name (name is showed by
Telindus 9100 Maintenance Application during
authentication).

Encryption scheme, analisys, session dump and packets
will posted after a Telindus reply.

Elia Florio


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »