Short Name |
HTTP:3COM:CONF-DOWNLOAD |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
3Com 3crwe754g72-a Configuration File Download |
Release Date |
2004/10/20 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to download the configuration file from a 3Com 3crwe754g72-a based device. Attackers can use the sensitive information obtained from the configuration file to gain full control over the device.
If an attacker attempts to log in as administrator at the same time as another administrator is logged in, 3crwe754g72-a provides the attacker with enough information to allow them to obtain the device's configuration file, which contains the administrator's password in plain text.