It involves a bug that allows a password recovery feature to be utilized
from the LAN or WAN instead of just the serial console port.
Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will
allow you to get access to the box to do whatever you want. It appears as
if the problem started in 3.0.4, but I am not totally certain about that.
--
Scott M. Drassinower [EMAIL PROTECTED]
Cloud 9 Consulting, Inc. White Plains, NY
+1 914 696-4000 http://www.cloud9.net
On Thu, 5 Aug 1999, Matt wrote:
> The following URL contains information about a firmware upgrade for
> FlowPoint DSL routers that fixes a possible "security compromise".
> FlowPoint has chosen not to release ANY information whatsoever about the
> vulnerability. I was curious if anyone had any more information
> about this vulnerability than what FlowPoint is divulging.
>
> http://www.flowpoint.com/support/techbulletin/sec308.htm
>
> thnx
>
> --
> I'm not nice, I'm vicious--it's the secret of my charm.
>
