Oppsss… Linksys RTP300 VoIP router.

By -
I just found a bug in the login script of the RTP300 Linksys VoIP router. The firmware is 1.00.55 version. This was just by accident. My password contains letters and numbers. I was typing too fast and at the end of my password I typed the wrong number. By the time my actions clicked in my hear I had already hit enter. And what do you know? I was able to log in. This caused me to think about this, so I tried few different combinations of passwords and this is what I discovered.

  1. If the passwords starts with letters and ends on number(s). As long as the letter part of the password is correct, when entered at the log in screen if the number(s) at the end is not included or mistyped the user will still be able to log in.

  2. If the password is all numbers or starts with numbers then the user will need the correct password.


It seems like if you have numbers at the end of your password, and even if you mistype them, you will still be able to log in if your password starts with a letter.

Linksys I think it is time for you guys to work on this.

Popular posts from this blog

Format MAC Address [JavaScript]

By -
I am currently working on a project which will allow users to register their Wi-Fi enabled, non-web browser enabled, devices on the network. These are devices like printers, Apple TV, and Xbox*. One of the data points that have to be collected from the user is the device MAC address. The project customer wants that address to be properly formatted when they see it in the support ticket.

We have several options. We can format the address either on the back-end after the form has been submitted. Or we can format it on the front end via a separate text field for each character pair, but that is too many fields to handle. A better solution is to use a single field and format the user input at the time of input or upon submit. In those cases, the former is better because the data will already be formatted when the overall form input is being validation after the user clicks the “Submit” button.

We are going to format the user input as it is being provided, thus having proper data when vali…
Read more

How to setup Coda 2 to push to GitHub?

By -
Image
Setting up a new site in Coda 2 and cloning a GitHub remote repository is not that big of a deal. Where you will most likely run into problems is when you try to push your changes to the GitHub remote repository. Below I will show you how to update the Git config file in your local repository so you do not run into one of the following errors:
git push failed remote: Remote anonymous access to repository deniedgit push origin master Username: fatal: Could not read passwordThe GitHub repository address I am going to use is that of Source Code DNA: https://github.com/thetitan/sourcecodedna.git. I will assume that you have already setup your Coda 2 site profile and cloned your repository, you have made some changes, and now you are ready to push those changes to your projects GitHub repo.
Read more

Messing with WordPress SPAM Bots

By -
If you have a WordPress based blog, or otherwise use WordPress as a CMS for your website, you are either getting a lot of bad user accounts being created or noticing a lot of knocking on your wp-login.php page. WordPress has a nice feature which allows you to install WordPress in a directory other than the root one. For example, your site is served from http://blog.example.com, but WordPress can be installed in http://blog.example.com/wpcms. In past versions of WordPress, prior to 3.8 or maybe be older than that, unless you knew the exact path to where WordPress was installed you could not get to the dashboard. That has changed! Now even if WordPress is installed in some random directory, if you navigate to http://blog.example.com/wp-login.php you will be redirected to the actual WordPress login page. Convenient, but not helpful when dealing with SPAM bots.
Read more