Oppsss… Linksys RTP300 VoIP router.

By -
I just found a bug in the login script of the RTP300 Linksys VoIP router. The firmware is 1.00.55 version. This was just by accident. My password contains letters and numbers. I was typing too fast and at the end of my password I typed the wrong number. By the time my actions clicked in my hear I had already hit enter. And what do you know? I was able to log in. This caused me to think about this, so I tried few different combinations of passwords and this is what I discovered.

  1. If the passwords starts with letters and ends on number(s). As long as the letter part of the password is correct, when entered at the log in screen if the number(s) at the end is not included or mistyped the user will still be able to log in.

  2. If the password is all numbers or starts with numbers then the user will need the correct password.


It seems like if you have numbers at the end of your password, and even if you mistype them, you will still be able to log in if your password starts with a letter.

Linksys I think it is time for you guys to work on this.

Popular posts from this blog

Format MAC Address [JavaScript]

By -
I am currently working on a project which will allow users to register their Wi-Fi enabled, non-web browser enabled, devices on the network. These are devices like printers, Apple TV, and Xbox*. One of the data points that have to be collected from the user is the device MAC address. The project customer wants that address to be properly formatted when they see it in the support ticket.

We have several options. We can format the address either on the back-end after the form has been submitted. Or we can format it on the front end via a separate text field for each character pair, but that is too many fields to handle. A better solution is to use a single field and format the user input at the time of input or upon submit. In those cases, the former is better because the data will already be formatted when the overall form input is being validation after the user clicks the “Submit” button.

We are going to format the user input as it is being provided, thus having proper data when vali…
Read more

Messing with WordPress SPAM Bots

By -
If you have a WordPress based blog, or otherwise use WordPress as a CMS for your website, you are either getting a lot of bad user accounts being created or noticing a lot of knocking on your wp-login.php page. WordPress has a nice feature which allows you to install WordPress in a directory other than the root one. For example, your site is served from http://blog.example.com, but WordPress can be installed in http://blog.example.com/wpcms. In past versions of WordPress, prior to 3.8 or maybe be older than that, unless you knew the exact path to where WordPress was installed you could not get to the dashboard. That has changed! Now even if WordPress is installed in some random directory, if you navigate to http://blog.example.com/wp-login.php you will be redirected to the actual WordPress login page. Convenient, but not helpful when dealing with SPAM bots.
Read more

Format a number as US currency [JavaScript]

By -
A recent project I worked on allowed customers to request cloud computing resources. One of the requirements was to display the cost for each resource amount and the totals for one and two years for the resources the customer was requesting. In the United States, numbers are formatted with a period for the decimal mark and a comma as the thousands separator, e.g. 1,234,567.89.
The function below is going to: Assume that the input is either an unsigned integer or a float, ex. 1234567 or 1234567.90.Insert a "," delimiter every third digit.Optionally, add a currency symbol to the returned string. https://gist.github.com/thetitan/328a68da79f97d1ee27c5509cc91bf56#file-formatcostnumber-js Let’s review: On lines 2 - 4 I defined some default values.On line 6 I defined a closure called formatNumber. The logic in the closure is going to format the number string.Starting at line 28 I am making sure that when the formatCostNumber function is called it does receive a value to format, and that…
Read more