----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Linksys WRT54G Router Common SSL Private Key Disclosure

SECUNIA ADVISORY ID:
SA16271

VERIFY ADVISORY:
http://secunia.com/advisories/16271/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
>From local network

OPERATING SYSTEM:
Linksys WRT54G Wireless-G Broadband Router
http://secunia.com/product/3523/

DESCRIPTION:
Nick Simicich has reported a security issue in WRT54G, which
potentially can be exploited by malicious people to gain knowledge of
certain sensitive information.

The security issue is caused due to all routers being loaded with the
same certificate and SSL private key. A user with knowledge with the
private key can potentially decrypt router management traffic
captured from the network.

SOLUTION:
The vendor will reportedly use unique SSL private keys with a
self-signed certificate for each router in new software versions.

PROVIDED AND/OR DISCOVERED BY:
Nick Simicich

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------