Is a privilege escalation vulnerability in Linux not a vulnerability if it requires authentication?
2012/11/22 Gary Driggs <[email protected]> > On Nov 22, 2012, Manu <sourvivor at gmail> wrote: > > > Authenticate and browse to > > How is this a vulnerability if it's behind an authentication wall? > I've seen several SOHO routers and APs that include some kind of > "hidden" web page that allows one to tweak settings. How does this > differ & how is it remotely exploitable without authentication? I'm > sure if you contacted the vendor they would acknowledge the existence > of the page as either a debug or dev tool and ask the same questions I > have. > > -Gary > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
