Re: 3Com switches - undocumented access level.

From: Riku Meskanen (mesrikat_private)
Date: Thu May 07 1998 - 11:56:26 PDT

Next message: Jonathan A. Zdziarski: "BSDI 3.1/Squid Default Owner"

Previous message: Durval Menezes: "Re: 3Com switches - undocumented access level."
Maybe in reply to: Eric Monti: "3Com switches - undocumented access level."
Next in thread: Eric Monti: "Re: 3Com switches - undocumented access level."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 6 May 1998, Durval Menezes wrote:
> Hello,
>
> > PROBLEM:
> > There appears to be a backdoor/undocumented "access level" in current (and
> > possibly previous) versions of 3Com's "intelligent" and "extended"
> > switching software for LanPlex/Corebuilder switches.
>
> Just checked my 3Com Superstack II intelligent hub and Switches (they have
> a similar Telnet interface) and they appear NOT to have this backdoor
> (humm, or does the backdoor use a different username/password? I wonder...)
>
No but unfortunately there is another "tech" user that took me
only about 20min to dig out from compressed image. Same pair
works for CellPlex 7000 :(

The username is tech, as is the password.

I'll think that 3Com should be informed to release a security
advisory ASAP.

Telnet, V1.0, 3Com NCD, 1996

LinkSwitch 2700 Rev 1.0
Software version Ver.  3.50  - Built Sep 11 1997 11:21:13

Select access level (read, write, admin): tech
Password: ****

LinkSwitch 2700 Rev 1.0 Administration Console
Accessed at tech access level.

main menu:
==========
   [1] system        - Administer System level functions ->
   [2] ethernet      - Administer Ethernet ports ->
   [3] bridge        - Administer Bridging ->
   [4] atm           - Administer ATM resources ->
   [5] le            - Administer LAN Emulation Clients ->
   [6] vns           - Administer Virtual Networks configuration ->
   [7] management    - Administer IP and SNMP ->
   [8] quit          - Logout of the administration console
   [9] fast          - Fast Setup
  [10] tech          - Special technician options ->

'\' - Main menu   '-' - Prev menu
> quiConnection closed by foreign host.

Use tech/system/password to set new password.

Telnet, V1.0, 3Com NCD, 1996


                     -------------------------------
                     -     CELLplex    7000        -
                     -                             -
                     -  ATM     Backbone    Switch -
                     -------------------------------
Access level (read, write, admin):tech
Password: ****


CP7000 switch module - Main Menu:
   (1) SYS: Platform config ->
   (2) LEM: Lan Emulation ->
   (3) CON: Connections ->
   (4) STS: Statistics ->
   (5) DIA: Testing & Diagnostics ->
   (6) FTR: ATM features
   (7) LOG: Logout
   (8) VER: Version
   (9) FST: Fast Setup
  (10) DBG: Debug ->
[ '\' -Main,      '-' -Back in menus]
[ '=0'-To switch, '=n'-To i/f card n (1-4)]
>
>7
Connection closed by foreign host.

Use (1)SYS\(1)SET\(2)PAS> to set new password.

Ok, now how about models 1000 and 3000 ?

:-) riku

--
    [ This .signature intentionally left blank ]

Next message: Jonathan A. Zdziarski: "BSDI 3.1/Squid Default Owner"
Previous message: Durval Menezes: "Re: 3Com switches - undocumented access level."
Maybe in reply to: Eric Monti: "3Com switches - undocumented access level."
Next in thread: Eric Monti: "Re: 3Com switches - undocumented access level."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:36 PDT