Re: Default password in Bay Networks switches.

From: Colin Johnston (colinjat_private)
Date: Sun Feb 20 2000 - 14:14:02 PST


    After the BayStack code fix (203 code) last year, which fixed the telnet
    backdoor known password but not the console backdoor known password issue,
    I would have thought Nortel would have made some official comment?
    
    Hot news :)
    In the latest 3.0 code PDF file a comment is made about the backdoor password issue:
    "Updated backdoor password mechanism"
    
    I am a bit concerned about the comment above - what does it mean?
    Has the backdoor password mechanism (code) been deleted for good?
    
    Colin Johnston
    
    
    
    > Date: Wed, 10 Mar 1999 14:48:58 -0800
    > From: Jan B. Koum <jkbat_private>
    > To: BUGTRAQat_private
    > Subject: Default password in Bay Networks switches.
    >
    > Ok.. so you would think after 3Com $%#& up last year of inserting
    > default password into firmware vendors would learn their lesson?
    > [See http://geek-girl.com/bugtraq/1998_2/0340.html for 3com rant]
    >
    > Hah! Welcome to the world of strings and Bay Networks firmware
    > files. I have looked at some bay networks switches and see that
    > the following have default password of "NetICs"
    >
    > BayStack 350T   HW:RevC  FW:V1.01 SW:V1.2.0.10
    > BayStack 350T   HW:RevC  FW:V1.01 SW:V2.0.0.15
    >
    > These however I was not able to find defaults for:
    >
    > BayStack 350-24T HW:RevA  FW:V1.04 SW:V1.0.0.2
    > Bay Networks BayStack 303 Ethernet Switch
    > BayStack 28115/ADV Fast Ethernet Switch
    >
    > If you have firmware images for the above, just
    >
    > % strings *.img | grep -B5 "Invalid Password"
    >
    > Something similar to this command might give you the passwd.
    > Of course I don't have to tell you about how bad it is when
    > someone can control your network infrastructure (switches).
    >
    > I don't have much experience with Bay hardware (in fact, I have
    > none - someone at work just asked me to help them get into a
    > switch for which they forgot the password). If someone can
    > shed some light on this topic, it would be great.
    >
    > And yes, I consider this to be a backdoor - wouldn't you call it
    > a backdoor if Solaris had default password for root logins?
    > How can vendors in 1999 even THINK about something as stupid as
    > inserting a default password like this into a switch!?!?
    > Granted - I am almost sure Bay didn't have evil intentions for
    > the use .. but still. I am speechless.
    >
    > -- Yan
    >
    >
    > P.S. - Greetz to the inhabitants of #!adm and #!w00w00
    >
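
The `strings *.img | grep -B5 "Invalid Password"` check from the quoted message, as an added Python example for auditing a firmware image you maintain; it is not code from either poster. The function names, the sample image bytes and the `EXAMPLE-SECRET` value are constructed for illustration.

```python
import re

# Printable ASCII runs of at least 4 bytes, the same default as strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def extract_strings(image: bytes):
    """Return (offset, text) for every printable run in the image."""
    return [(m.start(), m.group().decode("ascii"))
            for m in PRINTABLE_RUN.finditer(image)]

def strings_before_marker(image: bytes, marker="Invalid Password", before=5):
    """Emulate `strings | grep -B5 marker`: for each string containing the
    marker, return it with up to `before` strings that precede it."""
    runs = extract_strings(image)
    hits = []
    for i, (offset, text) in enumerate(runs):
        if marker in text:
            hits.append({"marker_offset": offset,
                         "marker": text,
                         "context": runs[max(0, i - before):i]})
    return hits

def candidate_secrets(hit, prompts=("password", "login", "username")):
    """Context strings that are neither prompts nor format strings.
    These are the ones a reviewer should examine by hand."""
    return [(off, s) for off, s in hit["context"]
            if "%" not in s and not any(p in s.lower() for p in prompts)]

# Constructed sample "image": binary filler around three embedded strings.
SAMPLE_IMAGE = (
    b"\x00\x01\x02\x03"
    + b"Enter Password: \x00"
    + b"\x10\x00\xff\xfe"
    + b"EXAMPLE-SECRET\x00"      # constructed placeholder, not a real credential
    + b"\x00\x00\x01"
    + b"Invalid Password\x00"
    + b"\x02\x03"
    + b"Main Menu\x00"
)

if __name__ == "__main__":
    for hit in strings_before_marker(SAMPLE_IMAGE):
        print(f"marker at 0x{hit['marker_offset']:x}: {hit['marker']!r}")
        for off, s in candidate_secrets(hit):
            print(f"  review string at 0x{off:x}: {s!r}")
```

Recording the byte offset of each flagged string lets the finding be tied back to a specific location in the image when reporting it to the vendor or comparing firmware revisions.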
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:11 PDT