Friday, 23 August 2013

Asus router reveal password in plain text over the Internet

Security researcher Kyle Lovett has a Bugtraq indicate a gap in many router models from Asus. Through a very simple attack, it is possible to access the unencrypted files stored configuration of routers via Internet. This is the password for the Aicloud stored function.
An attacker can use it to access the content from USB media connected to the router. The gap is in connection with a previously discovered on the devices vulnerability in Samba shares, or more precisely: The root file system of the internal web server is through directory traversal distance. Due to this error, it is also possible that an attacker gets access to the Windows shares on the local network of the router owner.
Vulnerable Asus Models
  • RT-AC66R   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-AC66U   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-N66R     Dual-Band Wireless-N900 Gigabit Router with 4-Port Ethernet Switch
  • RT-N66U     Dual-Band Wireless-N900 Gigabit Router
  • RT-AC56U   Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56R     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56U     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N14U     Wireless-N300 Cloud Router
  • RT-N16       Wireless-N300 Gigabit Router
  • RT-N16R     Wireless-N300 Gigabit Router
Posted by at No comments:

Hackers Breach Turkish State Hospital in Support of OccupyGezi

Hackers of the St0rmyw0rm group claim to have breached the official website of the state hospital in Beypazari, a town and district of the Ankara province in Turkey.
From the website, beypazaridh.gov.tr, the hackers have leaked what appear to be usernames and password hashes, including credentials belonging to the website’s administrators.
The IP addresses from which the site admins connect to the website have also been published on Anonpaste.me.
According to the hackers, the attack is in support of OccupyGezi, a campaign initiated by Turkish citizens in protest against the destruction of Istanbul’s Gezi Park.
Hacktivists have started supporting OccupyGezi after Turkish police used tear gas and high-pressure water hoses to get the protesters to move out of the way of the bulldozers that came to destroy the park.
Posted by at No comments:
Subscribe to: Comments (Atom)