[6709] in bugtraq
Re: 3Com switches - undocumented access level.
daemon@ATHENA.MIT.EDU (der Mouse)
Fri May 8 15:47:18 1998
Date: Fri, 8 May 1998 13:18:24 -0400
Reply-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
From: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@NETSPACE.ORG
> From: [presumably someone at 3Com -dM]
> Sent: Friday, May 08, 1998 3:32 PM
> Subject: Re: FW: 3Com switches - undocumented access level.
> [L]et me assure you that the undocumented access level for the
> LANplex/Corebuilder products are purely for support reasons then
> anything else. We have many cases where customers will forget their
> passwords or userids and find themselves in a spot as they could not
> get in to the console. This is the only way we can help them to
> recover from this situation without losing their entire
> configuration. [...]

Excuse me for being blunt, but: poppycock. Pure spin-doctoring. I can
think of at least two other ways right off the top of my head.

One would be to give the switches in question a physical setting (a
back-panel switch, a jumper on the pc board, whatever) that overrides
the password somehow - for example, causes any password to be accepted.
(Of course, one would not normally run with the hardware set this way.)

Another would be to keep the password information in a separate NVRAM
from the rest of the configuration, so that either can be reset without
having to touch the other.

Either of these would be an appropriate disaster-recovery mechanism.
A "secret" backdoor access mechanism is not.

To anyone receiving this message: you are welcome to forward it to
anyone you please.

der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
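
The two recovery designs proposed in the message above, modelled in C as an added example that is not part of the original post or of any 3Com firmware. The struct layout, function names, sample passwords and the choice to gate the credential reset on the jumper are all assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CRED_LEN 32

/* Constructed model; every name and value here is hypothetical. */
struct device {
    char cred_nvram[CRED_LEN]; /* password store (plaintext to keep this short) */
    char config_nvram[64];     /* switch configuration, a separate region */
    bool recovery_jumper;      /* physical setting, needs hands on the box */
};
static const char FACTORY_PASSWORD[] = "factory-default"; /* constructed */

/* First design: the jumper makes any password acceptable. With the jumper
   off, the stored password is the only way in; no built-in account exists. */
static bool login(const struct device *d, const char *password)
{
    char buf[CRED_LEN] = {0};
    unsigned char diff = 0;
    if (d->recovery_jumper) return true;
    if (strlen(password) >= CRED_LEN) return false;
    strcpy(buf, password);
    for (size_t i = 0; i < CRED_LEN; i++) /* compare every byte, no early exit */
        diff |= (unsigned char)(buf[i] ^ d->cred_nvram[i]);
    return diff == 0;
}

/* Second design: reset only the password store. Gating the reset on the
   jumper is an assumption; the post does not say how a reset is triggered. */
static bool reset_credentials(struct device *d)
{
    if (!d->recovery_jumper) return false;
    memset(d->cred_nvram, 0, CRED_LEN);
    strcpy(d->cred_nvram, FACTORY_PASSWORD);
    return true;
}

int main(void)
{
    struct device d = { .cred_nvram = "forgotten-by-admin",
                        .config_nvram = "vlan 10; port 3 up" };
    printf("guess, jumper off: %d\n", login(&d, "guess"));
    d.recovery_jumper = true;  /* someone at the hardware sets the jumper */
    reset_credentials(&d);
    d.recovery_jumper = false;
    printf("factory login: %d, config kept: %s\n", login(&d, FACTORY_PASSWORD), d.config_nvram);
    return 0;
}
```

In both paths recovery depends on physical access to the device, so nothing reachable over the network accepts a credential the owner did not set.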