Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: 3Com switches - undocumented access level.

Re: 3Com switches - undocumented access level.

From: Durval Menezes <durval_at_TMP.COM.BR>
Date: Wed, 6 May 1998 14:50:37 -0300

Hello again,

A little update: just checked an ASCII dump of the FMS-II Superstack Hub
firmware (3Com's P/N 3c16630a) looking for undocumented username/password
strings and didn't find any... that doen't mean that there isn't one, through.

BTW: Don't you love it when your trusty vendor sticks security backdoors
in their products? :-( I used to recomend 3Com products to my clients
but now I'm starting to have second thoughts...

> > PROBLEM:
> > There appears to be a backdoor/undocumented "access level" in current (and
> > possibly previous) versions of 3Com's "intelligent" and "extended"
> > switching software for LanPlex/Corebuilder switches.
>
> Just checked my 3Com Superstack II intelligent hub and Switches (they have
> a similar Telnet interface) and they appear NOT to have this backdoor
> (humm, or does the backdoor use a different username/password? I wonder...)

Best Regards, 

--
   Durval Menezes (durval@tmp.com.br, http://www.tmp.com.br/~durval)
Received on May 07 1998
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos