Forwarded From: "Prosser, Mike" <Mike_Prosserat_private> http://www.techweb.com/wire/story/TWB19980515S0012 3Com Issues Security Fix To LAN Switches (05/15/98; 2:04 p.m. EST) By Jeff Caruso, InternetWeek 3Com Friday advised users to close a security "back door" to some CoreBuilder and SuperStack II LAN switches, adding that a software fix will be ready on May 20. The door was thrown wide open when special login names and passwords were distributed on Internet chat groups. These special logins were intended to give 3Com customer service representatives access to the switches for configuration and analysis if a user loses a password. Now, almost anyone can get in. 3Com has advised users log in to their switches using the special logins, then change the password. Here are the special logins: For the CoreBuilder 6000/2500 or the SuperStack II 2200, the user name is "debug" and the password is "synnet"; for the CoreBuilder 7000 or the SuperStack II Switch 2700, the user name is "tech" and the password is "tech." 3Com said the CoreBuilder 3500 and SuperStack II Switch 3900 and 9300 also have these mechanisms, but noted the special login password always matches the admin password. 3Com further advised users change the Simple Network Management Protocol (SNMP) Community string from the default to a confidential identifier chosen by the network manager. The admin password is available through an MIB variable when accessed through the read/write SNMP Community string, 3Com said. This problem affects the CoreBuilder 2500/6000/3500 and SuperStack II Switch 2200/3900/9300. The advisory is posted at www.3com.com/news/advisory51498.html -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:02 PDT