Bugtraq mailing list archives

Magic password of some linux-box(Hardware..)

From: paladin () intersys kaist ac kr (Seo Euiseong)
Date: Mon, 18 Nov 1996 12:33:33 +0900


In recent, there are lots of host runs Linux, FreeBSD, etc...

Many administrarot believes that System Password that main board support is

fully secure to prevent the console hacker from cracking in front of the system

But, It is a very "Unsecure" thought.

A few days ago, my friend mistyped his console password, "condo,".

The BIOS vendor of his system was AWARD.

Then, The BIOS accept the password like a real password and booting,

gives the permission to set up the bios.

I thought that it was a bug of a version of award bios.

But, It's not true. Unfortunately almost versions of award bios has the

magic password "condo,"


I was very afraid of the increasing of console hacking on many linux box.

I wanna know the real fact of this magic password, and How can I disable
it.

Current thread:

Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Leshka Zakharoff (Nov 15)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Kari E. Hurtta (Nov 17)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Alan Brown (Nov 17)
  - Digital Unix v3.x (v4.x?) security vulnerability Eric Augustus (Nov 16)
    - Re: Digital Unix v3.x (v4.x?) security vulnerability hj () globecom net (Nov 17)
  - Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Bryan Reece (Nov 17)
    - Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Simon Karpen (Nov 17)
    - Magic password of some linux-box(Hardware..) Seo Euiseong (Nov 17)
    - rplayd on HPUX 10.1 Henrik P Johnson (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) Sergiu Popovici (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) Sergei A. Golubchik (Nov 19)
    - Irix: root exploit for LicenseManager Yuri Volobuev (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) moost () xs4all nl (Nov 20)
    - Ascend Killer Program Aleph One (Nov 17)
    - Serious hole in Solaris 2.5[.1] gethostbyname() (exploit included) Jeremy Elson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Craig Raskin (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Paul B. Henson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Russell Street (Nov 18)

(Thread continues...)