Bugtraq mailing list archives

Re: cayman strikes again

From: "Jon O ." <jono () microshaft org>
Date: Tue, 10 Jul 2001 23:32:45 -0700

Whoa now, this is because you never set the default "user" password to something other than empty space Cayman so 
thoughtfully set it to by default. So, from what I can tell, '}' isn't any special back door username. At least not in:

GatorSurf 5.6.2

login: }
Password:
Login incorrect

However, just another example of a company leaving their users open to stupid attacks, hacks and providing DDoS ammo. 
Cayman, please require the user to set BOTH passwords before doing anything else and/or at least warn them...


Thanks,
Jon


On 11-Jul-2001, Russell Handorf wrote:

try using '}' as a username without a password for cayman routers.

login: }
Password:

Terminal shell v1.0
Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub
Running GatorSurf version 5.3.0 (build R1)
(} completed login: user level)

Cayman-DSL{SNIP}>
==================================
Russell Handorf
a.k.a. a deity called alphonzo

visit a website of mine
www.russells-world.com
www.soilentgreen.com
www.soilentgreenispeople.com
www.aol-secrets.org
www.inside-aol.com (I just host that one)
==================================

Attachment: _bin
Description:

Current thread:

cayman strikes again Russell Handorf (Jul 10)
- Re: cayman strikes again Jon O . (Jul 15)
- <Possible follow-ups>
- RE: cayman strikes again Joshua Fritsch (Jul 15)
  - RE: cayman strikes again Paul Allman (Jul 16)