Oppsss… Linksys RTP300 VoIP router.

I just found a bug in the login script of the RTP300 Linksys VoIP router. The firmware is 1.00.55 version. This was just by accident. My password contains letters and numbers. I was typing too fast and at the end of my password I typed the wrong number. By the time my actions clicked in my hear I had already hit enter. And what do you know? I was able to log in. This caused me to think about this, so I tried few different combinations of passwords and this is what I discovered.

  1. If the passwords starts with letters and ends on number(s). As long as the letter part of the password is correct, when entered at the log in screen if the number(s) at the end is not included or mistyped the user will still be able to log in.

  2. If the password is all numbers or starts with numbers then the user will need the correct password.

It seems like if you have numbers at the end of your password, and even if you mistype them, you will still be able to log in if your password starts with a letter.

Linksys I think it is time for you guys to work on this.

Popular posts from this blog

Messing with WordPress SPAM Bots

Validate Email Address [JavaScript]

How to setup Coda 2 to push to GitHub?