[24189] in bugtraq
Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Fri Feb 8 11:48:01 2002
Message-ID: <003701c1b074$406fd3d0$b98f83d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Fri, 8 Feb 2002 09:42:51 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hewlett Packard AdvanceStack Switch Managment Authentication Bypass
Vulnerability
Type:
Access Validation Error
Release Date:
February 8, 2002
Product / Vendor:
HP AdvanceStack 10Base-T Switching Hubs combine economical 10Base-T
functionality with the performance of switching. Each switching hub
starts out as a simple, single-segment, shared 10Base-T hub.
http://www.hp.com
Summary:
A problem with the HP switch allows some users to change
configuration of the switch. A bug introduced in the HP AdvanceStack
J3210A that could allow users full access on the switch. Upon taking
advantage of this vulnerability, the user could change the
configuration of the switch and could change admin password.
Therefore, it is possible for a superuser password changing with
unprivileged access on the switch to gain elevated privileges, and
potentially change configuration of the switch.
Exploit:
An attacker can get unauthorized access to the switch read/write
password change page this page http://host/security/web_access.html
and change superuser password. Connect superuser privileged via Web
or Telnet.
Tested:
HP J3210A AdvanceStack
Vulnerable:
HP J3210A AdvanceStack
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPGOBeruLpFMrXtywEQKW3wCgqbksI86Ux1LfIDwmI7jyq3jX3JgAoPAB
lOcQNvFblLfg5xdxVm405wto
=d4o/
-----END PGP SIGNATURE-----
