Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

From: A. Ramos <aramosf_at_nospam>
Date: Sat Jan 16 2010 - 16:13:22 GMT
To: Adam Baldwin <adam_baldwin@ngenuity-is.com>

Hello all,

Just another one: you can access to the configuration backup without authentication at: /config.xml.sav

On Fri, Jan 15, 2010 at 17:12, Adam Baldwin <adam_baldwin@ngenuity-is.com> wrote:
> The MiFi by Novatel Wireless (re-branded and sold by multiple vendors
> such as Sprint and Verizon) is a mobile wifi hotspot. The mifi also has
> a built in GPS to provide location based searching.

>
> *1. Authentication not required.*

Regards, -- Alejandro Ramos -- aka dab http://www.securitybydefault.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Juha-Matti Laurio: "Re: [Full-disclosure] Google today"
Previous message: netinfinity: "Re: [Full-disclosure] Google today"
In reply to: Adam Baldwin: "[Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker"
Next in thread: Adam Baldwin: "Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker"
Reply: Adam Baldwin: "Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]