Vulnerabilities > CVE-2008-1526 - Use of Password Hash With Insufficient Computational Effort vulnerability in Zyxel products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
ZyXEL Prestige routers, including P-660, P-661, and P-662 models with firmware 3.40(PE9) and 3.40(AGD.2) through 3.40(AHQ.3), do not use a salt when calculating an MD5 password hash, which makes it easier for attackers to crack passwords.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
- http://www.procheckup.com/Hacking_ZyXEL_Gateways.pdf
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- http://www.securityfocus.com/archive/1/489009/100/0/threaded