On Thur, 16 Feb 2007 02:00:00 +0800, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> As the paper does not disclose any new vulnerability in Cisco products,
> Cisco is issuing this response and not a Security Advisory. The purpose
> of this response is to inform customers how to change any default
> credentials which may ship pre-configured on an impacted Cisco router
> (identified below), upon initial configuration and before the device is
> connected to a public network.

The Drive-by Pharming paper also relied on exploiting CSRF vulnerabilities in the router web administration interfaces. Changing the passwords does a lot to mitigate the risk, but the CSRF vulnerabilities should be fixed.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
