Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Alcatel "Speed Touch Home" Security Vulnerabilities??

  • 05-07-2003 1:32am
    #1
    ozmo
    Registered Users, Registered Users 2 Posts: 3,875 ✭✭✭


    Whats the story with the ADSL modems that Eircom are providing. I was given one by a friend who uses a router now
    - but I dont know if to use it or not now....:confused:

    I tried some of the stuff they mention - there was indeed no password set in mine - but isnt this Web interface entry point only accessable from the Lan side?

    Snip from the Article follows:

    http://security.sdsc.edu/self-help/alcatel/

    The Alcatel "Speed Touch Home"

    Executive Summary
    Multiple vulnerabilities exist in the Alcatel Speed Touch ADSL "modem."
    These vulnerabilities can allow an intruder to take complete control of the device.
    There is no way for the end user to disable these "features."

    A malicious attacker can:

    Render the device inaccessable
    Disable the device, temporarily or permanently (requiring return to the manufacturer)
    Install malicious code, such as a network sniffer for monitoring local LAN traffic or denial-of-service tools. agent.
    These vulnerabilities are the result of:

    A "backdoor" allowing access to the system without any authentication even if the user has changes passwords on the device
    A tftp server which (by definition) does not require authentication. This server can be used to discover and change passwords.
    Lack of integrity checking/authentication on firmware installs.
    For more information, see this SDSC advisory

    “Roll it back”



Advertisement