OSVDB ID: 36357

Title: Infrant ReadyNAS Default Root Password Generation Weakness

Info

Dates

Disclosure: Aug 06, 2007
Discovery: Jul 25, 2007
Exploit: Unknown
Solution: Unknown

Description

By default, Infrant ReadyNAS RAIDiator boots with a default root password. This password is generated by a known algorithm from the MAC address, the software version, and a shared secret. With this knowledge, an attacker can easily guess the default password and remotely access all data on a ReadyNAS.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 4.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw with the following workaround: install the "ToggleSSH" add-on from Infrant.

Products

Infrant ReadyNAS RAIDiator 3.x

References

Credit

  • Brian Chapados - brian_at_chapados.org
  • Felix Domke - tmbinc_at_elitedvb.net


Direct URL: http://osvdb.org/36357