SuperTabbyGingerPussCatMan (stgpcm) wrote in nmfp,

  • Mood:

APC vulnerability

Yeah, I know, this isn't a customer - but this is even more stupid than my customers.

Amature Pubescant Coders decided that storing username and password pairs was best done in.... plain text - I don't care that it is stored locally on an EEPROM that nobody has access to, you still don't store them in plaintext, you always use a one way hash.

Arsholes Pedalling Crack also decide to put a backdoor password in to facilitate factory configuration - change mac address, that sort of thing, display eeprom contents. they never change this password, and use it across the whole product range - I don't care how secret you're going to keep it, it's for factory config, so you put a jumper on the board that has to be closed before the password is looked for.

Put the two together and even a web designer could have told you it might not be the best security plan
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic