[10112] in bugtraq
Re: Xylan OmniSwitch "features"
daemon@ATHENA.MIT.EDU (willp2)
Tue Apr 6 18:02:06 1999
Date: Tue, 6 Apr 1999 01:20:29 -0400
Reply-To: willp2 <willp2@DREAMSCAPE.COM>
From: willp2 <willp2@DREAMSCAPE.COM>
To: BUGTRAQ@NETSPACE.ORG
I tested this on Xylan's 3.2.5 code.
I could not reproduce the bug.
-----Original Message-----
From: pmsac@TOXYN.ORG <pmsac@TOXYN.ORG>
To: BUGTRAQ@netspace.org <BUGTRAQ@netspace.org>
Date: Monday, April 05, 1999 1:34 PM
Subject: Re: Xylan OmniSwitch "features"
To put things real clear, and as I said in the original post:
-quote-
This was tested on software version 3.1.8 (the latest I can access).
-end quote-
Although I said the user could login/ftp without knowing either user or
password strings, I _didn't_ said it would be just a matter of
entering random characters and pressing carriage return (that would be
a really funny one, but hey, it's not much further from the real thing).
- copy & paste ---------------------------------------------------------
[pmsac@localhost pmsac]$ telnet switch
Trying www.xxx.yyy.zzz...
Connected to www.xxx.yyy.zzz.
Escape character is '^]'.
Welcome to the Xylan OmniSwitch! Version 3.1.8
login : ajsdkal
password:
**********************************************************************
Xylan OmniSwitch - Copyright (c), 1994-1998 XYLAN Inc.
All rights reserved.
-end copy & paste ------------------------------------------------------
When you get the password prompt, just press ctrl+d (^D), the user
string is arbitrary. You won't get privileges to run any command, not
even the "exit" one, you have to close the connection "manually".
