[40618] in bugtraq
Planet Technology Corp FGSW2402RS switch default password /
daemon@ATHENA.MIT.EDU (lms@fe.up.pt)
Thu Oct 6 12:22:42 2005
Message-ID: <20051006015227.bsuzficvgo0sw8ck@webmail.fe.up.pt>
Date: Thu, 06 Oct 2005 01:52:27 +0100
From: lms@fe.up.pt
To: bugtraq@securityfocus.com
Cc: tito@fe.up.pt
Hello all,

Today I discovered a pseudo backdoor [thru a default password] while trying to
reset the password on a Planet Technology Corp FGSW2402RS switch.

Although I don't consider this to be a real problem since the only access seems
to be thru the serial port, I would like to share this with the community since
it isn't documented *anywhere* and Planet Technology Corp doesn't even reply to
emails asking for support on their products.

So...we start with a common ASCII analysis of the firmware [revision 1.2]:

root@leonardo-root ~/planet# strings FGSW-2402RS_ISP_1.2.txt
...
admin
[^_^]
ISPMODE
...
root@leonardo-root ~/planet#

Admin is the obvious login and ISPMODE is the password used for uploading a new
firmware to the equipment.

If we connect to the equipment and send admin as the login and "[^_^]" as the
password we get the same login prompt again (as if the password had failed) and
the password has now been reset to "".

Best regards,
+-------------------------
| Luís Miguel Silva
| Security Consultant
| Centro de Informática Correia Araújo
| Faculdade de Engenharia da
| Universidade do Porto
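
An added example, not part of the original post: a small audit script that repeats the "ASCII analysis" step on a firmware image before deployment and lists the short strings stored next to a login name, so they can be reviewed as possible built-in credentials. The function names, the extra login names "root" and "user", and the sample image are assumptions constructed for illustration; only the three adjacent strings come from the post.

```python
import re

# Account names to look for. "admin" is the login named in the post;
# "root" and "user" are assumed extras for illustration.
LOGIN_NAMES = {b"admin", b"root", b"user"}
MIN_LEN = 4  # same default minimum run length as strings(1)


def ascii_strings(blob, min_len=MIN_LEN):
    """Return (offset, bytes) for each run of printable ASCII, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group()) for m in pattern.finditer(blob)]


def credential_candidates(blob, window=2, max_len=16):
    """List short strings stored within `window` entries of a login name.

    Firmware often keeps the login and its built-in passwords in one
    string table, so neighbours of a login name deserve manual review.
    """
    runs = ascii_strings(blob)
    findings = []
    for i, (_, text) in enumerate(runs):
        if text.lower() not in LOGIN_NAMES:
            continue
        lo, hi = max(0, i - window), min(len(runs), i + window + 1)
        for j in range(lo, hi):
            off, near = runs[j]
            if j != i and len(near) <= max_len:
                findings.append((text.decode(), off, near.decode()))
    return findings


# Constructed sample image: binary padding around a small string table.
# The three adjacent strings are the ones quoted in the post; the rest is filler.
SAMPLE = (
    b"\x00\x01\xff\xfeBoot loader ready, decompressing main image\x00\x00"
    b"\x7f\x03Username:\x00\x90\x90"
    b"admin\x00[^_^]\x00ISPMODE\x00\xde\xad"
    b"Port status table follows this header line\x00\x00"
)

if __name__ == "__main__":
    for login, offset, near in credential_candidates(SAMPLE):
        print(f"near {login!r}: offset 0x{offset:04x}  {near!r}")
```

The output still needs a human to separate prompts such as "Username:" from actual secrets; the script only narrows the list to what sits beside the login.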