
Security problems with Be?

dlmatthews

Casual Member
Seems to be suggested in the headlines on this site. Anyone know anything?
Just that the Telnet, FTP & HTTPs ports were left open, and someone decrypted the password and posted it online for all to see. The problem has been known about for over 18 months.

Be* took on a suggestion, and used a perl script to update all of their customers' routers to restrict access to the 3 services from only the LAN address or their office's IP addresses. Details are over on their official forum.

The changes are now built in to a modified 6.1.4.x firmware, so even if you do a factory reset of the router, the vulnerability won't get opened up again.
 

Mel

ULTIMATE Member
Just that the Telnet, FTP & HTTPs ports were left open, and someone decrypted the password and posted it online for all to see. The problem has been known about for over 18 months.

They were rather lucky that it wasn't exploited in all that time.

The remote access password was only 6 letters and the hash, which is stored in the router's config file, could easily be looked up to obtain the password by anyone with the router or a copy of the config file, using a site such as http://md5.rednoize.com/

I'm amazed that the permitted remote access IP range wasn't restricted in the first place, rather than solely depending on a common password.
 

dlmatthews

Casual Member
The remote access password was only 6 letters and the hash, which is stored in the router's config file, could easily be looked up to obtain the password by anyone with the router or a copy of the config file, using a site such as http://md5.rednoize.com/
You didn't even need to be that techy savvy about the whole thing originally. The original routers shipped had the passwords stored in plain text within the Template files, and these files were also easily available from the Be* web-site (linked to from one of the Member Centre pages, but actually accessible without authentication).
 

MrSunshine

Casual Member
Well as long as it's OK now! Bit of a concern though. Have had to keep my missus blissfully unaware of this as she's constantly paranoid about folk parking outside our house and looking at our bank details! Thanks guys.
 
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved