The Nortel CVX 1800 is a modem bank containing up to 2600 modems per box. Many ISP's are using them for their dial-up customers. While querying the CVX-1800 for SNMP codes to use in a modem statistics program I was writing, I discovered the CVX-1800 will spill out all user names and passwords in clear text for locally configured telnet accounts. These are the accounts used to configure the CVX itself, and not the user names and passwords of dialed up users. To retrieve the information under Linux I used the following command syntax; snmpwalk CVX-IP-ADD-RESS public .1 If you have a Nortel CVX-1800 and you have not changed your SNMP community string to something other than public, you are vulnerable to anyone who can reach the box including the dial-up users. Do not assume dial-up users cannot determine the IP address of the CVX. Typing "route" on a Linux box dialed up to the CVX will display the IP address of the CVX as the default gateway. Windows will show it's assigned dial-up IP address as the default gateway. I notified Nortel Support of my find back in February of this year. The CVX-1800 software versions I tested this on was 3.6.3p24 and 3.6.3p5. Fix: Change your SNMP community string to something other than it's default value of public. -Michael Rawls
This archive was generated by hypermail 2b30 : Mon Apr 15 2002 - 14:04:38 PDT