[6690] in bugtraq
Re: 3Com switches - undocumented access level.
daemon@ATHENA.MIT.EDU (Durval Menezes)
Thu May 7 15:08:32 1998
Date: Wed, 6 May 1998 14:50:37 -0300
Reply-To: Durval Menezes <durval@TMP.COM.BR>
From: Durval Menezes <durval@TMP.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199805061259.JAA17757@liliput.tmp.com.br> from "Durval Menezes"
at May 6, 98 09:59:45 am
Hello again,
A little update: just checked an ASCII dump of the FMS-II Superstack Hub
firmware (3Com's P/N 3c16630a) looking for undocumented username/password
strings and didn't find any... that doen't mean that there isn't one, through.
BTW: Don't you love it when your trusty vendor sticks security backdoors
in their products? :-( I used to recomend 3Com products to my clients
but now I'm starting to have second thoughts...
> > PROBLEM:
> > There appears to be a backdoor/undocumented "access level" in current (and
> > possibly previous) versions of 3Com's "intelligent" and "extended"
> > switching software for LanPlex/Corebuilder switches.
>
> Just checked my 3Com Superstack II intelligent hub and Switches (they have
> a similar Telnet interface) and they appear NOT to have this backdoor
> (humm, or does the backdoor use a different username/password? I wonder...)
Best Regards,
--
Durval Menezes (durval@tmp.com.br, http://www.tmp.com.br/~durval)