3Com switches - undocumented access level.

From: Eric Monti (montiat_private)
Date: Tue May 05 1998 - 10:33:09 PDT


I don't know if this is known or documented elsewhere but it took me by
surprise, so here goes.

The recent posts about the rcon user in quake servers have reminded me
that I still haven't heard back from 3Com about the following "feature". My
experience has shown that switches are not as much missile chucking fun as
quake, but that isn't to say you can't play games on one. <hyuk>

PROBLEM:
There appears to be a backdoor/undocumented "access level" in current (and
possibly previous) versions of 3Com's "intelligent" and "extended"
switching software for LanPlex/Corebuilder switches. In addition to the
"admin", "read", and "write" accounts, there is a "debug" account with a
password of "synnet" on shipped images (including those available for
download from infodeli.3com.com). The versions of firmware this was tested
under include 7.0.1 and 8.1.1. The debug account appears to have all the
privileges of the admin account plus some "debug" commands not available
to any other ID.

IMPACT:
If you allow "remote administration" (telnet access), well... yeah.

FIX:
Login to the switch with the debug/synnet combo and use the "system
password" command to change this to something non-default. You won't be
able to change the password using the admin account.
    