[Novalug] Security flaw in WRT54G Linksys config.bin file

david@zakar.com david@zakar.com
Mon Feb 26 08:43:43 EST 2007


How is this a security flaw? If the only way someone can get to the  
config file is through the password-protected administration page,  
they've already got control of your router, and can set the encryption  
key (or anything else) to whatever they want.

I agree that it's fairly bad policy to store passwords in straight  
plaintext (at least rot13 them for obfuscation, I say), but there's no  
real security risk here, as far as I can tell. For what it's worth,  
I've seen other routers which do this exact same thing, and I could  
mention at least one very prominent Free software app which is known  
to do something similar.

Am I missing something?

-DMZ

Quoting "James (Jim) Darlack" <jmdarlack@yahoo.com>:

> After updating the settings on my Linksys WRT54G wireless router, I   
> saved the confg file.  The Admin tab accessed thru 192.168.1.1,   
> allows you to specify the directory, and file name.  After saving   
> the file, I decided to snoop the contents of the file.  It has the   
> encryption key in plain text.
>
>   Sooo... beware.  If someone accesses the file, and knows what they  
>  are looking for, the encryption key that was used to configure your  
>  wireless router can be retrieved.
>
>   You would think they would provide some kind of simple encryption   
> of a config file containing an encryption key.
>
>   And, there is a bunch of other ASCII text in the config.bin file.
>
>   Jim
>
>
> ---------------------------------
> Never Miss an Email
> Stay connected with Yahoo! Mail on your mobile. Get started!





More information about the Novalug mailing list