Ok.. so you would think after 3Com $%#& up last year of inserting default password into firmware vendors would learn their lesson? [See http://geek-girl.com/bugtraq/1998_2/0340.html for 3com rant] Hah! Welcome to the world of strings and Bay Networks firmware files. I have looked at some bay networks switches and see that the following have default password of "NetICs" BayStack 350T HW:RevC FW:V1.01 SW:V1.2.0.10 BayStack 350T HW:RevC FW:V1.01 SW:V2.0.0.15 These however I was not able to find defaults for: BayStack 350-24T HW:RevA FW:V1.04 SW:V1.0.0.2 Bay Networks BayStack 303 Ethernet Switch BayStack 28115/ADV Fast Ethernet Switch If you have firmware images for the above, just % strings *.img | grep -B5 "Invalid Password" Something similar to this command might give you the passwd. Of course I don't have to tell you about how bad it is when someone can control your network infrastructure (switches). I don't have much experience with Bay hardware (in fact, I have none - someone at work just asked me to help them get into a switch for which they forgot the password). If someone can shed some light on this topic, it would be great. And yes, I consider this to be a backdoor - wouldn't you call it a backdoor if Solaris had default password for root logins? How can vendors in 1999 even THINK about something as stupid as inserting a default password like this into a switch!?!? Granted - I am almost sure Bay didn't have evil intentions for the use .. but still. I am speechless. -- Yan P.S. - Greetz to the inhabitants of #!adm and #!w00w00
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:39 PDT