Bugtraq mailing list archives
Re: 3Com switches - undocumented access level.
From: durval () TMP COM BR (Durval Menezes)
Date: Wed, 6 May 1998 14:50:37 -0300
Hello again, A little update: just checked an ASCII dump of the FMS-II Superstack Hub firmware (3Com's P/N 3c16630a) looking for undocumented username/password strings and didn't find any... that doen't mean that there isn't one, through. BTW: Don't you love it when your trusty vendor sticks security backdoors in their products? :-( I used to recomend 3Com products to my clients but now I'm starting to have second thoughts...
PROBLEM: There appears to be a backdoor/undocumented "access level" in current (and possibly previous) versions of 3Com's "intelligent" and "extended" switching software for LanPlex/Corebuilder switches.Just checked my 3Com Superstack II intelligent hub and Switches (they have a similar Telnet interface) and they appear NOT to have this backdoor (humm, or does the backdoor use a different username/password? I wonder...)
Best Regards, -- Durval Menezes (durval () tmp com br, http://www.tmp.com.br/~durval)
Current thread:
- Re: 3Com switches - undocumented access level. Mike Richichi (May 05)
- Re: 3Com switches - undocumented access level. Doug Hughes (May 06)
- <Possible follow-ups>
- Re: 3Com switches - undocumented access level. Durval Menezes (May 06)
- Re: 3Com switches - undocumented access level. Durval Menezes (May 06)
- Re: 3Com switches - undocumented access level. Jean-Francois Malouin (May 06)
- Re: 3Com switches - undocumented access level. Riku Meskanen (May 07)
- dip 3.3.7 exploit jamez (May 07)
- dip-3.3.7o exploit zef (May 07)
- Re: 3Com switches - undocumented access level. Eric Monti (May 07)
- Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
- NSCA HTTPD (for Windows) bug. Renos (May 08)
- 4 Advisories for Digital Unix: ftp, advs, rpc.statd, ftpd Helmut Springer (May 08)
- xterm exploit [TOG issue] Andrea Arcangeli (May 08)
- BSDI 3.1/Squid Default Owner Jonathan A. Zdziarski (May 07)