Any router running DD-WRT only checks the first 8 characters of a users password. The DD-WRT firmware is used in many Linksys routers.
b39b63064f539d2fcf3558b21e0539ef9ca1fef50960fc82361ed466a56069ec
------=_Part_53538_13944141.1161882946754
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hi,
Does anyone noticed that to authenticate in any wireless router running
DD-WRT firmware (lastest version), it only check the first 8 characters of
the password???
E.g. you can set the root password to yellowmonkey123@123 and when you try
to authenticate with yellowmonkey@blablabla ... got root!
Some other firmware users noticed and reported to the developer, but no
action was taken.
It=B4s a excelent firmware to use with linksys routers, many extras resourc=
es,
etc, but not from the security point of view.
[]=B4s
Jo=E3o Castilho
------=_Part_53538_13944141.1161882946754
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
<div>Hi,</div>
<div>Does anyone noticed that to authenticate in any wireless router runnin=
g DD-WRT firmware (lastest version), it only check the first 8 characters o=
f the password???</div>
<div>E.g. you can set the root password to <a href=3D"mailto:yellowmonkey12=
3@123">yellowmonkey123@123</a> and when you try to authenticate with <a hre=
f=3D"mailto:yellowmonkey@blablabla">yellowmonkey@blablabla</a> ... got=
root!
</div>
<div>Some other firmware users noticed and reported to the developer, =
but no action was taken.</div>
<div>It=B4s a excelent firmware to use with linksys routers, many extras re=
sources, etc, but not from the security point of view.</div>
<div>[]=B4s</div>
<div>Jo=E3o Castilho</div>
------=_Part_53538_13944141.1161882946754--