[21486] in bugtraq

Re: cayman strikes again

daemon@ATHENA.MIT.EDU (Jon O .)
Sun Jul 15 22:25:21 2001

Date: Tue, 10 Jul 2001 23:32:45 -0700
From: "Jon O ." <jono@microshaft.org>
To: Russell Handorf <rhandorf@mail.russells-world.com>
Cc: bugtraq@securityfocus.com, klp@securityfocus.com
Message-ID: <20010710233245.B10366@networkcommand.com>
Reply-To: "jono@networkcommand.com" <jono@microshaft.org>
In-Reply-To: <4.2.0.58.20010711012943.00b4e828@mail.russells-world.com>; from rhandorf@mail.russells-world.com on Wed, Jul 11, 2001 at 01:31:11AM -0400

Whoa now, this is because you never set the default "user" password to
something other than empty space Cayman so thoughtfully set it to by
default. So, from what I can tell, '}' isn't any special back door
username. At least not in:

GatorSurf 5.6.2

login: }
Password:
Login incorrect

However, just another example of a company leaving their users open to
stupid attacks, hacks and providing DDoS ammo. Cayman, please require the
user to set BOTH passwords before doing anything else and/or at least
warn them...


Thanks,
Jon


On 11-Jul-2001, Russell Handorf wrote:
> try using '}' as a username without a password for cayman routers.
>
> login: }
> Password:
>=20
> Terminal shell v1.0
> Cayman-DSL Model 3220-H, DMT-ADSL (Alcatel) plus 4-port hub
> Running GatorSurf version 5.3.0 (build R1)
> (} completed login: user level)
>
> Cayman-DSL{SNIP}>
> ==================================
> Russell Handorf
> a.k.a. a deity called alphonzo
>
> visit a website of mine
> www.russells-world.com
> www.soilentgreen.com
> www.soilentgreenispeople.com
> www.aol-secrets.org
> www.inside-aol.com (I just host that one)
> ==================================
