Bugtraq mailing list archives
Re: F5 Networks Security Advisory (fwd)
From: pedward () WEBCOM COM (pedward () WEBCOM COM)
Date: Wed, 10 Nov 1999 22:18:54 -0800
I am upset about the recent thread about the Big/ip support account on Bugtraq.

First of all, it's just stupid to sit here and say "They ship a product with a security hole, because it has a support password that is root priv'd". I have known about this for nearly 2 years, questioned them initially, but wrote it off as non-consequential.

First of all, the default config is very restrictive, and they don't recommend the contrary. The Big/ip products ship with the F5 labs firewall IP COMMENTED OUT of the sshd config. They assured me that they rotate the passwords on a regular basis to ensure that accountability is retained internally.

If the device shipped with a password that was obtained via a hex dump of a ROM, I could understand, but we're talking about a password that requires many hours of CPU time, or hundreds of thousands of dollars of hardware.

I don't like good people like F5 getting grilled, and sending me a stupid advisory, because someone cried the equivalent of 'Y2K bug'.

When will the discussion of real security threats return to Bugtraq?

Hey everybody, <insert fav dist> ships with a UID 0 account, its password is probably guessable.

Grr, this just makes me mad that we're discussing this.

--Perry

--
Perry Harrington       Director of           zelur xuniL  ()
perry () webcom com    System Architecture   Think Blue.  /\