[8772] in bugtraq
Re: Fwd: Re: 3com
daemon@ATHENA.MIT.EDU (Eric Wanner)
Tue Dec 22 14:34:05 1998
Date: Mon, 21 Dec 1998 23:06:43 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Eric Wanner <ericw@FUTUREONE.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199812211926.LAA27365@pop.thegrid.net>
NMC card? The only card you can telnet to is the NAC (Network Access
Card, I believe). The bug appears to be present on this card.
--
Eric Wanner
Head Systems Administrator
FutureOne, Inc.
602-385-3379
http://home.futureone.com
EfNet: holobyte
On Mon, 21 Dec 1998, Entropy wrote:
> The software that 3com has developed for running the NMC (network
> management card) for the Total Control Hubs is a bit shady.
> After uploading the software ( as one must do) YOU will notice a login
> account called "adm" with no password.
> Naturally no one wants the "adm" login there, so they delete it from the
> configuration, and go on programming the box. Once the box has been
> programmed and is ready to take calls, it is necessary to save all
> settings, and hardware reset the box, at this point the box is fully
> configured, and ready to
> take calls. The problem is this, the "adm" login requiring no password, is
> still there after the hardware reset!!! It cannot be deleted!
> I have ran a trace route on over 37 ISP's, found there HD box's, and
> have been able to get
> into 21 of them through this security hole!
> The admin that programmed the box has no reason to go back into the
> configuration after doing the
> hardware reset, he has already gone over and double checked his settings,
> they all looked good, and hardware reset has gone into action as the last
> step.., he has no clue that the "adm" he has deleted is still there, and
> active.
> In order to stop the "adm" login one can only dis-able the "adm"
> login, not delete it....this is the only way to stop the login.
>
> I have tested this on the current, and last 3 releases of software put out
> by 3com for the NMC card. 3Com has been notified
>
> I hope this helps.
>
> Entr0py
>
