Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Exploit for old 3com bug ("3Com OfficeConnect Remote 812 ADSL Router

from [Stefano Zanero] Network Security [Permanent Link]
Subject: Re: Exploit for old 3com bug ("3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability")
Date: Tue, 30 Aug 2005 00:14:59 +0200 
Roman Medina-Heigl Hernandez wrote:

Hi,

Does anybody have information about the exploitation of this old bug?
http://www.idefense.com/application/poi/display?id=106&type=vulnerabilities


You just keep trying, and it sort of happens :)

BTW: that router has also other strange vulnerabilities I described in
past, such as the fact that "sometimes" packet filtering rules beyond
the tenth rule or so are not applied, and so on. Fixes have never been
released by 3Com AFAIK...

Regards,
Stefano Zanero
---------------------------
Secure Network S.r.l.
www.securenetwork.it
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Exploit for old 3com bug ("3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability"), Stefano Zanero <=
Previous by Date:  Re: Where are Windows "Enforce password history" passwords stored?, Jeffrey Denton
Next by Date:  Business justification for pentesting, sectraq
Previous by Thread:  CIA checklist, Toto A Atmojo
Next by Thread:  Business justification for pentesting, sectraq
Indexes:  [Date] [Thread] [Top] [All Lists]