X-Micro Access Point Default Username and Password

2004-04-12T14:03:29
ID OSVDB:5231
Type osvdb
Reporter Gergely Risko(xmicro@risko.hu)
Modified 2004-04-12T14:03:29

Description

Vulnerability Description

By default, X-Micro 802.11b wireless access points installs with a default password. The "super" account has a password of "super" and the "1502" account has a password of "1502" which is publicly known and documented. This allows attackers to trivially access the program or system.

Solution Description

Immediately after installation, change all default install passwords to a unique and secure password. When possible, change default accounts to custom names as well.

Short Description

By default, X-Micro 802.11b wireless access points installs with a default password. The "super" account has a password of "super" and the "1502" account has a password of "1502" which is publicly known and documented. This allows attackers to trivially access the program or system.

Manual Testing Notes

Versions 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0: Username: "super" Password: "super"

Version 1.6.0.1: Username: 1502 Password: 1502

References:

Security Tracker: 1009843
Secunia Advisory ID:11342 Keyword: 802.11b Keyword: wireless ISS X-Force ID: 15829 Generic Informational URL: http://www.cirt.net/cgi-bin/passwd.pl?method=showven&ven=X%2dMicro Bugtraq ID: 10095