Bugtraq mailing list archives
Re: Default password in Bay Networks switches.
From: jogreen () NORTELNETWORKS COM (Jon Green)
Date: Wed, 10 Mar 1999 17:16:53 -0800
And yes, I consider this to be a backdoor - wouldn't you call it a backdoor if Solaris had default password for root logins? How can vendors in 1999 even THINK about something as stupid as inserting a default password like this into a switch!?!? Granted - I am almost sure Bay didn't have evil intentions for the use .. but still. I am speechless.
This was fixed in version 2.0.3.4 of the BS350 code last November. The backdoor is still there for console access, but not for telnet. This problem only affected the Baystack 350T and 350F, it did not affect the 350-24T or 450. Also, note that the 350 has always had the ability to limit telnet logins to certain source addresses; it is recommended that that feature be used. Software upgrades for the 350 can be found at http://support.baynetworks.com under Software. If you don't have a support contract, call (800) 2LANWAN. -Jon ------------------------------------------------------------------- Jon Green 4301 Great America Pkwy Senior Competitive Test Engineer Santa Clara, CA 95054 Nortel Networks (408) 495-2618 Voice jogreen () nortelnetworks com (408) 495-4540 Fax -------------------------------------------------------------------
Current thread:
- Re: Default password in Bay Networks switches. Jon Green (Mar 10)
- Re: Default password in Bay Networks switches. Dmitry Kohmanyuk Дмитрий Кохманюк (Mar 11)
- <Possible follow-ups>
- Re: Default password in Bay Networks switches. Greg Galloway (Mar 12)
- Re: Default password in Bay Networks switches. Jan B. Koum (Mar 12)
- Microsoft Security Bulletin (MS99-008) aleph1 () UNDERGROUND ORG (Mar 13)