Monday, November 21, 2005

Oppsss… Linksys RTP300 VoIP router.

I just found a bug in the login script of the RTP300 Linksys VoIP router. The firmware is 1.00.55 version. This was just by accident. My password contains letters and numbers. I was typing too fast and at the end of my password I typed the wrong number. By the time my actions clicked in my hear I had already hit enter. And what do you know? I was able to log in. This caused me to think about this, so I tried few different combinations of passwords and this is what I discovered.

  1. If the passwords starts with letters and ends on number(s). As long as the letter part of the password is correct, when entered at the log in screen if the number(s) at the end is not included or mistyped the user will still be able to log in.

  2. If the password is all numbers or starts with numbers then the user will need the correct password.


It seems like if you have numbers at the end of your password, and even if you mistype them, you will still be able to log in if your password starts with a letter.

Linksys I think it is time for you guys to work on this.
at
Labels: ,

2 comments:

  1. Aaron Riese11/25/2005 03:12:00 PM

    Well the linksys company should hire you and Hack the world You Phreaker.

    ReplyDelete
  2. Alexandar Tzanov11/29/2005 06:39:00 PM

    Hehe, thanks bro. I would not mind it but I got better plans. :)

    BTW, I can sum up Linksys response to my e-mail in few words and they are: Thanks for the info! We will work on it!

    ReplyDelete

Subscribe to: Post Comments (Atom)