NMC card? The only card you can telnet to is the NAC (Network Access Card, I believe). The bug appears to be present on this card. -- Eric Wanner Head Systems Administrator FutureOne, Inc. 602-385-3379 http://home.futureone.com EfNet: holobyte On Mon, 21 Dec 1998, Entropy wrote: > The software that 3com has developed for running the NMC (network > management card) for the Total Control Hubs is a bit shady. > After uploading the software ( as one must do) YOU will notice a login > account called "adm" with no password. > Naturally no one wants the "adm" login there, so they delete it from the > configuration, and go on programming the box. Once the box has been > programmed and is ready to take calls, it is necessary to save all > settings, and hardware reset the box, at this point the box is fully > configured, and ready to > take calls. The problem is this, the "adm" login requiring no password, is > still there after the hardware reset!!! It cannot be deleted! > I have ran a trace route on over 37 ISP's, found there HD box's, and > have been able to get > into 21 of them through this security hole! > The admin that programmed the box has no reason to go back into the > configuration after doing the > hardware reset, he has already gone over and double checked his settings, > they all looked good, and hardware reset has gone into action as the last > step.., he has no clue that the "adm" he has deleted is still there, and > active. > In order to stop the "adm" login one can only dis-able the "adm" > login, not delete it....this is the only way to stop the login. > > I have tested this on the current, and last 3 releases of software put out > by 3com for the NMC card. 3Com has been notified > > I hope this helps. > > Entr0py >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:39 PDT