Secunia Security Advisory - Nick Simicich has reported a security issue in WRT54G, which potentially can be exploited by malicious people to gain knowledge of certain sensitive information.
10577e18967d12d5cf9510aa81bc393ba40aaa676167ced2af8cd3fd93725595
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Linksys WRT54G Router Common SSL Private Key Disclosure
SECUNIA ADVISORY ID:
SA16271
VERIFY ADVISORY:
http://secunia.com/advisories/16271/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From local network
OPERATING SYSTEM:
Linksys WRT54G Wireless-G Broadband Router
http://secunia.com/product/3523/
DESCRIPTION:
Nick Simicich has reported a security issue in WRT54G, which
potentially can be exploited by malicious people to gain knowledge of
certain sensitive information.
The security issue is caused due to all routers being loaded with the
same certificate and SSL private key. A user with knowledge with the
private key can potentially decrypt router management traffic
captured from the network.
SOLUTION:
The vendor will reportedly use unique SSL private keys with a
self-signed certificate for each router in new software versions.
PROVIDED AND/OR DISCOVERED BY:
Nick Simicich
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------