Enclosed is a message that I sent to Compaq/Microcom's technical support about their Microcom 6000 access integrators. There is a DoS as well as a brute-force password attack on these systems. I received a canned reply from their technical team, but have yet to hear anything else from them, and this was early June. I spoke with their technical support on the phone, and the answer to this problem is to turn off telnet access. That's it - there was a message in their call reference that there is no plans to upgrade or modify the pShell (pSOS). Just thought that people should know that Compaq/Microcom do not seem to care about security, nor do they seem to care that security is an issue for their customers. And I am assuming that since the 6000 Acess Integrator is their flagship model, these problems are present in all Acess Integrator models. BTW: The OS versions that I reported in my letter to Microcom are incorrect. I was reading the wrong information - the correct version is 4.0.13, and the latest version of the software is 4.0.15 (and 5.0 is in beta, according to the technician). There are no security changes from 4.0.13 to 4.0.15, AFAIK. -----FW: <01BD8EFC.379275D0.supportat_private>----- Date: Wed, 3 Jun 1998 14:30:54 +0100 From: Microcom Support <supportat_private> To: "alecat_private" <alecat_private> Subject: FW: Support Query Additional: If you wish to contact us with regard to this matter please quote Call Ref#: 305752. The best people to talk to about this would be at : Microcom Inc. 500 River Ridge Drive, Norwood. MA 02062 Hardware : Tel +1 (781) 551-1313 Carbon Copy : Tel +1 (781) 551-1414 Fax : +1 (781) 551-1898 BBS : +1 (781) 551-4750 ______________________ Thank you for bringing this matter to our attention. I have forwarded this eMail to our central site products technical team who will address the situation. We will contact you again in due course. Best regards, Microcom : Compaq Access Solutions Division. Online Support - supportat_private WWW - www.microcom.com FTP - ftp.microcom.com PLEASE INCLUDE THIS EMAIL IN ALL FUTURE COMMUNICATIONS ON THIS SUBJECT -----Original Message----- From: alecat_private [SMTP:alecat_private] Sent: Wednesday, June 03, 1998 8:58 AM To: supportat_private Subject: Support Query On Wednesday, June 3, 1998 at 03:58:02, the following data was submitted from http://www.microcom.com/support/feedback/index.html First Name Alec Middle Initial A Last Name Kosky Company Dakota Communications Title System Admin/Programmer Country United States Email alecat_private User Type End User Product CM6K-Series Other Product Software or Firmware Version pSOS Operating System Platform used Query This set of comments/questions is directed to the security guys. We currently use a Microcom 6100 Access Integrator, and I believe the firmware/OS is subject to a possible denial of service attack, as well as a possible brute force attempt to guess the password. I believe the OS on the system is pSOS 6.02 for the MNC card and 6.01 for the PRI card. The denial of service problem is this: there is no timeout when typing in the username and password - from what I have seen, a user can make a telnet connection to the MNC or PRI card and leave the connection open indefinitely. If the user only has one connection open, then this is not problem. However, the system will not accept more than 4 telnet connections at one time. Thus, a malicious user/hacker could open 4 telnet connections to either (or both cards) and deny all legitimate connections to the card. The other problem is that the system does not close the connection after a specified number of invalid login attempts. A program such as 'crack' could be modified to work over a network and attempt to guess the administrator's password. Neither of these are acceptable on any system, let alone a company's flagship model. First, I would like to know if there is a firmware/OS update (upgrade?) available to fix these problems, and second, if there is no upgrade available, will one be available soon? --------------End of forwarded message------------------------- --Alec--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:24 PDT