Vulnerability Development mailing list archives
Re: news story and router passwords
From: Mathias Wegner <mwegner () cs oberlin edu>
Date: Thu, 12 Oct 2000 23:07:31 -0400
Sniffing router passwords including the "Enable" password for a Cisco router is easy.
If the victim router isn't running an IOS version that supports
ssh or kerberos it is easy. Of course, if the network admin is security
conscious, it gets a lot harder...
it may not have been a Cisco router as their passwords can be physically reset at the router, therefore they may have been down for 11 hours but not 11 days.
Even less time, in fact - once you know the procedure, it takes
almost no time at all. When learning how to do so on a 2514, I think it
took me about 15 minutes from being locked out of enable to being running
with the orginal config register and using a new enable password.
Although the terminal directly hooked up to the console port is nice, too.
Mathias
Current thread:
- Netscape crashes, sec. bug? Sylvan Ravinet (Oct 10)
- Re: Netscape crashes, sec. bug? Erik Tayler (Oct 10)
- Cisco 678 exploit George (Oct 11)
- news story and router passwords Vitaly Osipov (Oct 12)
- Re: news story and router passwords Talisker (Oct 12)
- Re: news story and router passwords Mathias Wegner (Oct 13)
- Re: news story and router passwords Ralph Moonen (Oct 12)
- Re: news story and router passwords Lincoln Yeoh (Oct 12)
- Re: news story and router passwords Mark Teicher (Oct 13)
- Re: news story and router passwords Talisker (Oct 13)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Re: news story and router passwords Talisker (Oct 14)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Cisco 678 exploit George (Oct 11)
- Re: Netscape crashes, sec. bug? Erik Tayler (Oct 10)
- Re: news story and router passwords Jim Duncan (Oct 13)
- Re: Cisco 678 exploit Damir Rajnovic (Oct 12)
- Re: Cisco 678 exploit Joe (Oct 12)