Trustwave security researchers have discovered five new credential leaking vulnerabilities, two in a D-Link DSL modem and three in multiple Comba Telecom WiFi devices.
These issues, the researchers explain, involve the insecure storage of credentials. In three of these cases, cleartext credentials are available to all users with network access to the device.
Trustwave says multiple attempts to contact both D-Link and Comba to report these vulnerabilities remained unanswered. However, D-Link informed them several days ago that the bugs were patched.