
Optus fixes a security vulnerability in its routers


April 4, 2016

Optus said earlier today that it has fixed a security vulnerability in its routers that allowed attackers to change administrative passwords without knowing the existing logins.

The security flaw exists in the CG-3000v2 cable modem and means that hackers could type anything into the current password field and still change the password to one of their choice.

University of Sydney technician Paul Szabo says attackers could use cross-site request forgery phishing links to change victims' passwords.

"The security issue is that the admin password can be changed on the web interface without providing the current password," Szabo asserted.

The page at http://192.168.0.1/SetPassword.asp prompts for the old and new passwords (and a repeat of the new one), but in fact ignores the old password provided and changes the password to the new one, even if the old one isn't provided.

This security problem could be exploited via CSRF to change the password while the user happens to be logged in.
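The flaw and its fix can be modelled in a few lines. The following is an added example, not code from Optus, NetGear or the CG-3000v2 firmware; the `Device` class, the form field names and the per-session anti-CSRF token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed model of a router admin account with one logged-in browser session.
# Every name here is hypothetical; this is not the CG-3000v2 firmware.

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Device:
    def __init__(self, password: str):
        self.store(password)
        self.csrf_token = secrets.token_hex(16)  # handed to the logged-in session

    def store(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

def set_password_flawed(dev: Device, form: dict) -> bool:
    """Behaviour the article describes: 'old' is submitted but never checked."""
    new = form.get("new", "")
    if new and new == form.get("repeat"):
        dev.store(new)
        return True
    return False

def set_password_hardened(dev: Device, form: dict) -> bool:
    """Require the session's anti-CSRF token and the correct current password."""
    token = str(form.get("csrf", ""))
    if not hmac.compare_digest(token.encode(), dev.csrf_token.encode()):
        return False  # a request forged from another site cannot supply the token
    if not dev.check(form.get("old", "")):
        return False  # the old password is actually verified
    new = form.get("new", "")
    if not new or new != form.get("repeat"):
        return False
    dev.store(new)
    return True
```

Either check alone is incomplete: verifying the old password does not stop a forged request when the device still uses its default credentials, and a token alone does not stop someone with brief access to an unlocked session.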

Optus began investigating the security issue after inquiries and asked vendor NetGear to come up with a fix.

For his own installation, Szabo says the phone company pushed a security fix to his router which appears to have solved the problem, at least for now.

"Optus developed a new firmware and installed it on my modem, and that solves the issue I reported," Szabo asserted.

The fixed router version is V2.08.05. The security vulnerability, however, could be considered beside the point, since most users would not bother to change passwords from the default of username 'admin' and password of 'password.'

Indeed, the basic manual does not tell users to change their login credentials. But you'd think by now that users wouldn't take such chances and would replace the default passwords with something a lot harder to guess.

Source: Optus.
