On Wed, 6 May 1998, Durval Menezes wrote: > Hello, > > > PROBLEM: > > There appears to be a backdoor/undocumented "access level" in current (and > > possibly previous) versions of 3Com's "intelligent" and "extended" > > switching software for LanPlex/Corebuilder switches. > > Just checked my 3Com Superstack II intelligent hub and Switches (they have > a similar Telnet interface) and they appear NOT to have this backdoor > (humm, or does the backdoor use a different username/password? I wonder...) > No but unfortunately there is another "tech" user that took me only about 20min to dig out from compressed image. Same pair works for CellPlex 7000 :( The username is tech, as is the password. I'll think that 3Com should be informed to release a security advisory ASAP. Telnet, V1.0, 3Com NCD, 1996 LinkSwitch 2700 Rev 1.0 Software version Ver. 3.50 - Built Sep 11 1997 11:21:13 Select access level (read, write, admin): tech Password: **** LinkSwitch 2700 Rev 1.0 Administration Console Accessed at tech access level. main menu: ========== [1] system - Administer System level functions -> [2] ethernet - Administer Ethernet ports -> [3] bridge - Administer Bridging -> [4] atm - Administer ATM resources -> [5] le - Administer LAN Emulation Clients -> [6] vns - Administer Virtual Networks configuration -> [7] management - Administer IP and SNMP -> [8] quit - Logout of the administration console [9] fast - Fast Setup [10] tech - Special technician options -> '\' - Main menu '-' - Prev menu > quiConnection closed by foreign host. Use tech/system/password to set new password. Telnet, V1.0, 3Com NCD, 1996 ------------------------------- - CELLplex 7000 - - - - ATM Backbone Switch - ------------------------------- Access level (read, write, admin):tech Password: **** CP7000 switch module - Main Menu: (1) SYS: Platform config -> (2) LEM: Lan Emulation -> (3) CON: Connections -> (4) STS: Statistics -> (5) DIA: Testing & Diagnostics -> (6) FTR: ATM features (7) LOG: Logout (8) VER: Version (9) FST: Fast Setup (10) DBG: Debug -> [ '\' -Main, '-' -Back in menus] [ '=0'-To switch, '=n'-To i/f card n (1-4)] > >7 Connection closed by foreign host. Use (1)SYS\(1)SET\(2)PAS> to set new password. Ok, now how about models 1000 and 3000 ? :-) riku -- [ This .signature intentionally left blank ]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:36 PDT