Vulnerability on Overtek ONU authorization method

Instead of using cookies to authenticate clients and link them to their respective sessions, the Overtek OT-4020vw detects the client IP address and grants administrative privileges, given the right password, to that IP. That means that if you have an infrastructure like the following, all computers in a subnet would have access to the admin panel…

DOS attacks on servers with enabled SSL Renegotiations

This script acts on a security failure present in older (2003) versions of Apache. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. By exploiting this asymmetric property, the client sends thousands of renegotiation requests in the same TCP connection. When the server gets overloaded, it stops serving further requests…