Hi Yossi, Are you doing something funky with your IP address, e.g., NAT'ed/short DHCP lease? The reason I ask is because in 2008, Adrian Pastor stated authentication in the 3Com Wireless 8760 was linked to the source IP address [1]. It may well be the case (as you have discovered) that it allows arbitrary IP addresses to access the config once an administrator has authentication... However, I just wanted to hit this badboy up incase there was some confusion. Cheers, Tom [1] http://securityreason.com/wlb_show/WLB-2008110039 On Tue, 15 Sep 2009 22:27:31 +0300, Yossi Yakubov <yos20053@xxxxxxxxx> wrote: > Hi > My name is Yossi Yakubov and i am a security researcher. Recently me > and my collegues found the following vulnerability in the 3Com > Wireless8760 web administration interface: > > If one user is authenticated to the web interface, other users can > access to internal pages without further authentication. That means > that one opened Session is enough between the user and web > administration , and other users can also access to the web > administration interface. > > Malicious user can wait until ones logins to the interface and then he > can access and administer 3Com Wireless8760 Access Point without > further authentication. Among different operations the malicious user > can cause to Denial of Service (Dos) attack to the entire network by > changing the configuration such as IP addresses. > > FYI > > Waiting for your review > > Best Regards > > Yossi Yakubov
