Telindus Router (series 112x) has a well-known authentication problem, which allows the router password to be extracted from a UDP dump sniffed on port 9833.

More about this at:
http://www.securiteam.com/securitynews/5DP0A2K7GY.html
or
http://neworder.box.sk/showme.php3?id=6730

New firmware (6.0.27, Jul/2002) tries to fix this problem by using an encrypted packet during the UDP session, but the encryption scheme used is trivial, and it is easy to decrypt the password knowing only the router name (the name is shown by the Telindus 9100 Maintenance Application during authentication).

The encryption scheme, analysis, session dump and packets will be posted after a Telindus reply.

Elia Florio (eflorio@edmaster.it)