[10120] in bugtraq
Re: Xylan OmniSwitch "features"
daemon@ATHENA.MIT.EDU (Shelton, Raymond A.)
Wed Apr 7 14:33:20 1999
Date: Tue, 6 Apr 1999 13:23:28 -0500
Reply-To: "Shelton, Raymond A." <SheltonR@HEALTH.MISSOURI.EDU>
From: "Shelton, Raymond A." <SheltonR@HEALTH.MISSOURI.EDU>
To: BUGTRAQ@NETSPACE.ORG
Okay, who _can_ duplicate this (serial connections to the console port don't
count.)
Regards,
Raymond A. Shelton
> -----Original Message-----
> From: Jeff Murphy [SMTP:jcmurphy@SMURFLAND.CIT.BUFFALO.EDU]
> Sent: Monday, April 05, 1999 12:18 PM
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Xylan OmniSwitch "features"
>
> Jeff Murphy <jcmurphy@SMURFLAND.CIT.BUFFALO.EDU> writes:
>
> > we tried this with Version 3.2.5.17 and we're able to get in.
>
> ^^^^
> i meant to type "weren't" but left out a couple letters.
> i.e. we can not get in using your instructions.
>
> >
> > -- inserted text --
> >
> > > Number one: anyone can telnet to the switch and login, without knowing
> > > either user or passwod strings. No permission will be given to perform
> >
> > If I understand this, I can hit CR and get in. Just hitting CR keeps
> > returning the login prompt, using any other character gets me to
> password,
> > but CR returns login failure.
> >
> > > Number two: anyone can ftp to the switch, whitout knowing either user
> or
> > > password strings.
> >
> > Nope, couldn't get in.
> >
> > -- end inserted text --
