SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Encryption/VPN)  >   NETGEAR Router Vendors:   NETGEAR
Netgear ProSafe VPN Firewall Discloses Passwords Via Configuration Backup File
SecurityTracker Alert ID:  1005312
SecurityTracker URL:  http://securitytracker.com/id/1005312
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 29 2002
Impact:   Disclosure of authentication information

Version(s): FVS318 ProSafe VPN Firewall; firmware 1.1 and prior versions
Description:   A password disclosure vulnerability was reported in Netgear's ProSafe VPN Firewall router. When an administrator makes a backup of the configuration, the administrative password is stored in plain text.

It is reported that the configuration backup file includes (among other data) the username for the ISP Internet connection and the password for the device's web management interface (the username for the web management interface is always 'admin').

Impact:   A local user on the administrator's computer may be able to view the device's administrative password in the configuration backup file.
Solution:   No solution was available at the time of this entry.

The author of the report suggests that administrators encrypt the backup file for storage.

Vendor URL:  www.netgear.com/products/prod_details.asp?prodID=129&view= (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  [VulnWatch] FVS318 Config stores usernames/passwd's in plain text


--=_0_5528_1033144838
Content-Type: text/plain; format=flowed; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hi All.. 

Attached is an Advisory concerning Netgear's FVS318 Firewall/VPN/Router, and 
the fact that it stores Usernames and Passwords in plain text if the config 
is backed up. 


Thanks, 

fab@aisec.net
http://www.aisec.net
Information Security Team.
 -=-=-=-=-=-=-=-=-=-=-=-=-=- 

--=_0_5528_1033144838
Content-Disposition: attachment; filename="AIS-0006-NETGEAR_FVS318_Firewall_Router_Firmware_1_1.txt"
Content-Type: text/plain; charset="iso-8859-1"; name="AIS-0006-NETGEAR_FVS318_Firewall_Router_Firmware_1_1.txt"
Content-Transfer-Encoding: 8bit

AIS advisory # 0006 NETGEAR FVS318 Firewall Router Firmware 1.1 
Username/Password Disclosure 

==============Summary================

Netgear's FVS318 Firewall/VPN/Router stores Usernames and Passwords 
in plain text when a backup of the configuration is made. 

==========Software Affected==========

Netgear FVS318 firmware 1.1 and every firmware version before it.


===============Vendor================


http://www.netgear.com


=========Product Description=========
Taken from their site : http://www.netgear.com

"Want the utmost in network security for your office? NETGEAR's FVS318 
ProSafe VPN Firewall provides business-class protection at a NAT router 
price. This completely equipped, broadband-capable Virtual Private 
Denial of Service (DoS) protection and Intrusion Detection using Stateful 
Packet Inspection (SPI), URL access and content filtering, logging, 
\reporting, and real-time alerts. It initiates up to 8 IPSec VPN tunnels 
simultaneously, reducing your operating costs and maximizing the security 
and Network Address Translation (NAT) routing, up to 253 users can access 
your broadband connection at the same time."

============Vulnerability============

The web interface includes a backup option to store your current config 
just in case anything happens....

For the most part, the file isn't readable except for a few words, in 
particular, your Username to your ISP internet connection, and the password 
to the web admin interface which listens on port 80 by default. This port 
can be changed to whatever you like, but probably not many people do that.

I would consider this a local threat because you can only get to the web interface
from inside the local LAN. Unless you enable Remote Management, which listens on port
8080 by default.

The default username for the web interface can't be changed, it's always "admin"...

Any good admin makes a backup of their working configs ;)


================FIX (if any) ========
Use PGP to encrypt your files, if Netgear doesn't encrypt them for you.


============Discovered by============
fab@aisec.net
http://www.aisec.net
Information Security Team.


--=_0_5528_1033144838--


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC