05-29-2011, 09:06 AM #1Aspiring Evangelist
- Join Date
- Jul 2009
heads up: Vendor's List Of Backdoor Accounts Leaked OnlineAn internal document listing the backdoor accounts for switches manufactured by networking equipment vendor Allied Telesis was circulating online Friday, a day after an internal support page providing instructions on accessing hard coded back door accounts in the company's products was found to be publicly accessible.
The spreadsheet was one of four documents accessible from an Allied Telesis support page containing instructions on enabling back doors. The page was marked for internal use only, but ended up visible to the public Internet. While some of the switches listed in the document have hard coded back door account passwords, many have dynamic passwords that are based on the MAC address of the hardware and require a separate password generator application to create. The password generator application was also available from the support page and has also been leaked online.
05-29-2011, 10:52 AM #2'Ripcord'ing is the only way!
05-29-2011, 12:12 PM #3
I would quickly point out that you have to have physical access to the device's administrative console port in order to use any of those backdoors - so any risk of remote compromise of equipment is non-existent.
Don't panic over this breach just yet→ RAM Host -- Premium & Budget Linux Hosting From The USA & EU
█ Featuring Powerful cPanel CloudLinux Shared Hosting
█ & Cheap Premium Virtual Dedicated Servers
→ Follow us on Twitter
05-29-2011, 11:18 PM #4Web Hosting Evangelist
- Join Date
- Jun 2009
Unless the administrative console is plugged into a server or modem, right?
05-29-2011, 11:26 PM #5
By webcom in forum Domain NamesReplies: 2Last Post: 03-10-2006, 05:59 PM
By poooh in forum Domain NamesReplies: 4Last Post: 07-30-2005, 04:58 AM
By Joshua in forum WebHostingTalk Subscribers ClubReplies: 9Last Post: 02-26-2004, 06:26 PM
By SuperSix in forum Web Hosting LoungeReplies: 0Last Post: 06-13-2003, 12:16 AM