Bugtraq mailing list archives
Re: Bay Networks Security Hole
From: gert () GREENIE MUC DE (Gert Doering)
Date: Thu, 14 May 1998 20:00:43 +0200
Hi,

Kirby Dolak wrote:
> 2. Bay recommends that both accounts (User and Manager) have passwords assigned. Both have default/null passwords as they ship from the factory, just like a Unix system. The administrator should immediately take measures to secure the system, at initial system install, so that an unauthenticated user/manager doesn't have access to device management information, such as the community names and addresses via telnet/console.

I like the way Cisco approaches this issue. Unless you set a login password, or enable some kind of "aaa authentication" service, you CANNOT LOGIN AT ALL over network. And if you are logged in to an unprivileged account, you cannot become superuser unless you have already set the enable password from the console.

This is VERY good. No need to "recommend" anything, it's just "secure out of the box". If you neglect to configure the password, it just isn't accessible at all (except from the physical console).

gert
--
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert () greenie muc de
fax: +49-89-35655025                        gert.doering () physik tu-muenchen de
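The fail-closed default described in the message above can be checked mechanically in a saved device configuration. The following is an added example, not part of the original post: a simplified model of IOS-style `line vty`, `login`, `password`, `enable` and `aaa authentication login` statements, run over constructed sample configurations; the function name `audit` and the three state labels are assumptions made for illustration.

```python
import re

# Constructed sample configurations (not taken from the original post).
FACTORY = "hostname lab-router\nline con 0\nline vty 0 4\n login\n"
SECURED = ("enable secret 5 $1$constructed$placeholder\n"
           "line vty 0 4\n password 7 0000CONSTRUCTED\n login\n")
OPEN_VTY = "line vty 0 4\n no login\n"

RANK = {"refused": 0, "authenticated": 1, "open": 2}  # higher = more exposed

def audit(config):
    """Return (network_login_state, enable_reachable) for one config text."""
    aaa = bool(re.search(r"^aaa authentication login\b", config, re.M))
    enable_set = bool(re.search(r"^enable (secret|password)\b", config, re.M))
    # Each vty block is the header line plus the indented lines that follow it.
    blocks = re.findall(r"^line vty[^\n]*\n((?:[ \t]+[^\n]*\n?)*)", config, re.M)
    worst = "refused"  # assumption: no vty stanza means the fail-closed default
    for body in blocks:
        lines = [ln.strip() for ln in body.splitlines()]
        if "no login" in lines and not aaa:
            state = "open"            # password check disabled: anyone gets in
        elif aaa or any(ln.startswith("password ") for ln in lines):
            state = "authenticated"   # a credential exists and is checked
        else:
            state = "refused"         # login required, nothing set: fail closed
        if RANK[state] > RANK[worst]:
            worst = state
    return worst, enable_set

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("secured", SECURED), ("open", OPEN_VTY)):
        print(name, audit(cfg))
```

A result of `open` is the state to alert on; `refused` with no enable password set is the out-of-the-box condition the message describes.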