This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.
[Bug 1002195] New: SYN Flood or FIN Flood attack results in web Authentication Bypass
- From: bugzilla-daemon at ecoscentric dot com
- To: unassigned at bugs dot ecos dot sourceware dot org
- Date: Mon, 24 Oct 2016 06:22:53 +0000
- Subject: [Bug 1002195] New: SYN Flood or FIN Flood attack results in web Authentication Bypass
Please do not reply to this email, use the link below.
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1002195
Bug ID: 1002195
Summary: SYN Flood or FIN Flood attack results in web Authentication Bypass
Product: eCos
Version: unknown
Target: linux (Linux synthetic target)
Architecture/Host OS: HostOS: Linux
Status: UNCONFIRMED
Keywords: Chargeable
Severity: critical
Priority: high
Component: Other
Assignee: unassigned@bugs.ecos.sourceware.org
Reporter: niteshvai67@gmail.com
QA Contact: ecos-bugs@ecos.sourceware.org
CC: ecos-bugs@ecos.sourceware.org
eCos Embedded Web Servers, used by multiple routers and home devices, fail to
validate and handle the packets when sent SYN Flood or FIN Flood packets, and do
not ask for any sign of authentication, resulting in Authentication Bypass. An
attacker can take complete advantage of this bug and take over the device
remotely or locally.
The bug has been successfully tested and reproduced in some versions of SOHO
Routers manufactured by TOTOLINK, GREATEK and others.