Ebay - Advertisement

Saturday, May 29, 2010

Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point

Recently i found the following vulnerability in the 3Com Wireless8760 web administration interface: If one user is authenticated to the web interface, other users can access to internal pages without further authentication. That means that one opened session is enough between the user and web administration , and other users can also access to the web administration interface.

Malicious user can wait until ones logins to the interface and then he can access and administer 3Com Wireless8760 Access Point without further authentication. Among different operations the malicious user can cause to Denial of Service (Dos) attack to the entire network by changing the configuration such as IP addresses.

No comments:

Post a Comment