Wireshark-bugs: [Wireshark-bugs] [Bug 10916] New: NHRP dissector incorrect decode of authenticat
Date: Mon, 02 Feb 2015 23:24:58 +0000
Bug ID: 10916
Summary: NHRP dissector incorrect decode of authentication extension
Product: Wireshark
Version: 1.6.7
Hardware: x86
OS: Ubuntu
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: welshydragon@gmail.com

Created attachment 13424
NHRP registrations with the incorrect dissection for NHRP authentication
extension

Build Information:
Version 1.6.7

Copyright 1998-2012 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with GLib 2.32.0, with libpcap (version
unknown), with libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre,
with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, without Python, with GnuTLS
2.12.14, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Dec 10 2011 11:43:10), without AirPcap.

Running on Linux 3.8.0-44-generic, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.12.14, Gcrypt 1.5.0.

Built using gcc 4.6.3.
--
The NHRP dissector incorrectly decodes the cleartext password used in the NHRP
Authentication Extension - see the attached capture.
The first 4 bytes are decoded as a Source Address when in fact they are the
first 4 bytes of the password; the second four bytes are displayed as just data
when they should be displayed as a password.


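The mis-decode described in the report, reproduced as an added example (not part of the original report and not Wireshark's dissector code): one parser run with and without an IPv4 Src Addr field on the same Authentication Extension bytes. The sample bytes are constructed rather than taken from attachment 13424, and it is an assumption from the report's wording that the password starts directly after the 4-byte Reserved/SPI header.

```python
import struct

AUTH_EXT_TYPE = 7  # NHRP Authentication Extension (RFC 2332, section 5.3.4)


def parse_auth_extension(ext: bytes, src_addr_len: int = 0) -> dict:
    """Parse one NHRP Authentication Extension TLV.

    src_addr_len=4 applies the RFC 2332 layout for IPv4 (Src Addr precedes
    the authentication data). src_addr_len=0 treats everything after the
    SPI as authentication data, which is what the report says is needed.
    """
    if len(ext) < 4:
        raise ValueError("truncated extension header")
    type_field, length = struct.unpack("!HH", ext[:4])
    ext_type = type_field & 0x3FFF  # low 14 bits; top bit is Compulsory
    if ext_type != AUTH_EXT_TYPE:
        raise ValueError(f"not an authentication extension (type {ext_type})")
    value = ext[4:4 + length]
    if len(value) != length or length < 4 + src_addr_len:
        raise ValueError("extension value shorter than its declared layout")
    _reserved, spi = struct.unpack("!HH", value[:4])
    src_addr = value[4:4 + src_addr_len]
    return {
        "compulsory": bool(type_field & 0x8000),
        "spi": spi,
        "src_addr": ".".join(str(b) for b in src_addr) if src_addr else None,
        "auth_data": value[4 + src_addr_len:],
    }


# Constructed sample: Compulsory bit set, type 7, length 12, Reserved 0,
# SPI 1 (assumed value), then the 8-byte cleartext password "labpass1".
SAMPLE_EXT = bytes.fromhex("8007000c00000001") + b"labpass1"

if __name__ == "__main__":
    # Src Addr layout: password bytes "labp" show up as an IPv4 address.
    print("with Src Addr:", parse_auth_extension(SAMPLE_EXT, src_addr_len=4))
    # Layout the report asks for: all eight bytes are the password.
    print("password only:", parse_auth_extension(SAMPLE_EXT, src_addr_len=0))
```
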