[3646] in bugtraq
Re: BoS: Magic password of some linux-box(Hardware..)
daemon@ATHENA.MIT.EDU (Sergei A. Golubchik)
Tue Nov 19 13:30:39 1996
Date: Tue, 19 Nov 1996 19:43:16 +0300
Reply-To: "Sergei A. Golubchik" <serg@infomag.mipt.rssi.ru>
From: "Sergei A. Golubchik" <serg@infomag.mipt.rssi.ru>
X-To: Seo Euiseong <paladin@intersys.kaist.ac.kr>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199611180333.MAA29024@intersys.kaist.ac.kr>
On 18-Nov-96 Seo Euiseong wrote:
> > In recent, there are lots of host runs Linux, FreeBSD, etc...
> Many administrarot believes that System Password that main board support is
> fully secure to prevent the console hacker from cracking in front of the syste
m
> But, It is a very "Unsecure" thought.
> A few days ago, my friend mistyped his console password, "condo,".
> The BIOS vendor of his system was AWARD.
> Then, The BIOS accept the password like a real password and booting,
> gives the permission to set up the bios.
> I thought that it was a bug of a version of award bios.
> But, It's not true. Unfortunately almost versions of award bios has the
> magic password "condo,"
> I was very afraid of the increasing of console hacking on many linux box.
> I wanna know the real fact of this magic password, and How can I disable it.
It's very strange that you didn't hear about AWAR -BIOS passwords
earlier. It was a surprise, that "condo," is also universal password
(though I didn't test it) You may also check AWARD_SW and j322 to see,
that there are many "universal passwords" on AWARD BIOS.
You see, there may not be great increase in console hacking using AWARD
passwords, because, these passwords is not a secret at all.
And you cannot disable them.
----------------------------------
Regards, SerG
