Looks like all of QNAP, TS-EC1679U-RP affected as well.
On Fri, Jul 11, 2014 at 5:35 AM, Erik Auerswald <[email protected]> wrote: > Hi, > > the same holds for a QNAP TS-459U. Besides, the shadow file on that box > contains MD5 hashes without salt. > > Cheers, > Erik > -- > La perfection est atteinte non quand il ne reste rien ajouter, mais quand > il > ne reste rien à enlever. > -- Antoine de Saint-Exupéry > > On Fri, Jul 11, 2014 at 11:13:32AM +0200, Joerg Mertin wrote: > > I can confirm that... QNap SS-839 > > > > [/etc] # pwd > > /etc > > [/etc] # ls -l shadow > > lrwxrwxrwx 1 admin administ 13 Aug 15 2013 shadow -> > > config/shadow > > [/etc] # ls -l config/shadow > > -rw-r--r-- 1 admin administ 455 Jun 25 2013 config/shadow > > > > That is also the reason that my NAS has no access (actively blocked IP > address > > on firewall to deny access out the world interface). > > I had notified QNap of that some years back - and as they didn't react, > > implemented my own countermeasures where one is to disallow access to the > > Internet. > > > > On Friday 11 July 2014 10:55:22 Melchior Limacher wrote: > > > [cid:[email protected]] > > > > > > [cid:[email protected]] > > > > > > > > > Cheers > > > > -- > > We are Pentium of Borg. Division is futile. You will be approximated. > > (seen in someone's .signature) > > ------------------------------------------------------------------------ > > Joerg Mertin in Clermont/France > > Web: http://www.solsys.org > > PGP: Public Key Server - Get "0x159DC660F946126F" > > > > > > _______________________________________________ > > Sent through the Full Disclosure mailing list > > http://nmap.org/mailman/listinfo/fulldisclosure > > Web Archives & RSS: http://seclists.org/fulldisclosure/ > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
