After the baystack code fix (203 code) last year which fixed telnet backdoor known password, not however console backdoor known password issue, I would have thought Nortel would have made some official comment ?? Hot news :) in latest 3.0 code pdf file a comment is made about backdoor password issue "Updated backdoor password mechanism" I am a bit concerned about this comment above - what does it mean ?? Has the backdoor password mechanism(code) been deleted for good ?? Colin Johnston > Date: Wed, 10 Mar 1999 14:48:58 -0800 > From: Jan B. Koum <jkbat_private> > To: BUGTRAQat_private > Subject: Default password in Bay Networks switches. > > Ok.. so you would think after 3Com $%#& up last year of inserting > default password into firmware vendors would learn their lesson? > [See http://geek-girl.com/bugtraq/1998_2/0340.html for 3com rant] > > Hah! Welcome to the world of strings and Bay Networks firmware > files. I have looked at some bay networks switches and see that > the following have default password of "NetICs" > > BayStack 350T HW:RevC FW:V1.01 SW:V1.2.0.10 > BayStack 350T HW:RevC FW:V1.01 SW:V2.0.0.15 > > These however I was not able to find defaults for: > > BayStack 350-24T HW:RevA FW:V1.04 SW:V1.0.0.2 > Bay Networks BayStack 303 Ethernet Switch > BayStack 28115/ADV Fast Ethernet Switch > > If you have firmware images for the above, just > > % strings *.img | grep -B5 "Invalid Password" > > Something similar to this command might give you the passwd. > Of course I don't have to tell you about how bad it is when > someone can control your network infrastructure (switches). > > I don't have much experience with Bay hardware (in fact, I have > none - someone at work just asked me to help them get into a > switch for which they forgot the password). If someone can > shed some light on this topic, it would be great. > > And yes, I consider this to be a backdoor - wouldn't you call it > a backdoor if Solaris had default password for root logins? > How can vendors in 1999 even THINK about something as stupid as > inserting a default password like this into a switch!?!? > Granted - I am almost sure Bay didn't have evil intentions for > the use .. but still. I am speechless. > > -- Yan > > > P.S. - Greetz to the inhabitants of #!adm and #!w00w00 >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:11 PDT