[App_rpt-users] Voter Remote Console - Authentication Bypass Bug

Travis Giedratis giedratis at gmx.com
Tue Jan 12 16:30:58 UTC 2016


In the interest of full disclosure, this is the final notification regarding an authentication bypass bug for the VOTER Remote Console running on the telnet service.
 
The specific method of authentication bypass along with other specific data has been scrubbed:
 
root at pentest:~# telnet XX.XX.XX.XX
Trying XX.XX.XX.XX...
Connected to XX.XX.XX.XX.
Escape character is '^]'.

VOTER System Serial # XXXX Remote Console Access
Login: *<redacted>*
Logged in successfully, now joining console session...
Select the following values to View/Modify:
1  - Serial # (XXXX) (which is MAC ADDR 00:XX:XX:XX:XX:XX)
2  - VOTER Server Address (FQDN) (XX.XX.XX.XX)
3  - VOTER Server Port (667),  4  - Local Port (Override) (0)
5  - Client Password (XXXX),  6  - Host Password (XXXX)
7  - Tx Buffer Length (3000)
8  - GPS Data Protocol (0=NMEA, 1=TSIP) (1)
9  - GPS Serial Polarity (0=Non-Inverted, 1=Inverted) (0)
10 - GPS PPS Polarity (0=Non-Inverted, 1=Inverted, 2=NONE) (0)
11 - GPS Baud Rate (9600)
12 - External CTCSS (0=Ignore, 1=Non-Inverted, 2=Inverted) (1)
13 - COR Type (0=Normal, 1=IGNORE COR, 2=No Receiver) (0)
14 - Debug Level (10)
15  - Alt. VOTER Server Address (FQDN) ()
16  - Alt. VOTER Server Port (Override) (0)
17  - DSP/BEW Mode NOT SUPPORTED
18 - "Duplex Mode 3" (0=DISABLED, 1-255 Hang Time) (1/10 secs) (0)
19 - Simulcast Launch Delay (0) (approx 200 ns, 5 = 1us, > 0 to ENA SC)
97 - RX Level,  98 - Status,  99 - Save Values to EEPROM
i - IP Parameters menu, o - Offline Mode Parameters menu
q - Disconnect Remote Console Session, r - reboot system, d - diagnostics
Enter Selection (1-27,97-99,r,q,d) :
__
 
Isn't this 2016? Why are we still using the telnet service? Any interest in patching this?
 
Travis Giedratis
tgiedratis at gmx.com


