[Full-disclosure] Authentication Issue DD-WRT
João Francisco
jfcastilho at gmail.com
Thu Oct 26 18:15:46 BST 2006
Hi,
Does anyone noticed that to authenticate in any wireless router running
DD-WRT firmware (lastest version), it only check the first 8 characters of
the password???
E.g. you can set the root password to yellowmonkey123 at 123 and when you try
to authenticate with yellowmonkey at blablabla ... got root!
Some other firmware users noticed and reported to the developer, but no
action was taken.
It´s a excelent firmware to use with linksys routers, many extras resources,
etc, but not from the security point of view.
[]´s
João Castilho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20061026/19cbd992/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.