Quote:
|
Originally Posted by arivero
Ok I will release it, on second inspection it is so simple that there is no issue.
I backquoted the password in the WEP configuration.
this is, I created a new wireless wep connection (wizard, anyname, Proceed, Wireless, anyssid, proceed, WEP, proceed) and in the wep security key field I used:
I pressed TEST (no proceed anymore).
And yep, it escaped.
I think iRex does not really need to patch this one. It is not a security hole, as the ssh was. Nor a Cuartango trick, as the pdf could be. Here the Owner of the machine must know exactly what he is doing, no argue about being tricked to do it (except if you have got a devilish system admistrator telling you that THAT is the password for your local wlan!).
Besides, you need to retort the trick in order to use it to "open the internet", because most probably this escape is executed at the level of the networking scripts, and man you do not want to call the networking script from the networking script.
|
neat. Congratulations on thinking of this one.