Home page logo

bugtraq logo Bugtraq mailing list archives

Re: 3Com switches - undocumented access level.)
From: mesrik () cc jyu fi (Riku Meskanen)
Date: Mon, 11 May 1998 23:31:01 +0300

On Mon, 11 May 1998, Mike Iglesias wrote:
But then some new stuff :)

  Q: Right, but how about SuperStack II Switch 1000, does it has
     undocumented access level?

  A: Yes, try username "monitor", with password "monitor".

The 3 documented logins and passwords on the SuperStack II Switch 1000
are "monitor/monitor", "manager/manager", and "security/security".
monitor has view-only access, while manager and security can change parameters.

Yes this is true, I stand corrected and will promise to try
check documentation in future more carefully.

Why did you think the monitor login was undocumented?

I did not have manuals at home by then. Since the new switches are mostly
installed by our field staff┬╣ I was not aware of these accounts and
thought they were undocumented.

I had only used the "security" account, making joining ELANs and changing
ports to different VLANs etc. Also the passwords for the other accounts
were not changed :(

Seems, we have yet another important issue to talk on the next meeting.

┬╣) I work mostly with the ATM backbone devices, routers and unix hosts.

Looking the SuperStack II Switch 3000 10/100 with version information

        Version Numbers
        Hardware Version:                       5
        Upgradable Software Version:            3.10
        Boot Software Version:                  2.10

while logged in as "security" and descending to USER ACCESS LEVELS,
LOCAL SECURITY, there is following users and options

                Monitor     Secure       Manager   Specialist Security

Console Port    Enabled     Enabled      Enabled   Enabled    Enabled

Remote Telnet   Enabled     Enabled      Enabled   Enabled    Enabled

Community-SNMP  Enabled     Disabled     Disabled  Disabled   Disabled

As the Joao Carlos Mendes Luis <jonny () COE UFRJ BR> and you correctly
pointed out.

The "Specialist" and "Secure Monitor" are not listed in SuperStack II
Switch 3000 10/1000 Users Guide, Document No. DUA1694-2AAA02, May 1997
(Agent Software Version 2.1). But they are enlisted in SuperStack II
Switch ATM OC-3c Module For SuperStack II Switch 1000 and Switch 3000,
Part No. DUA1693-0AAA01, Dec 1996 Appendix B.

The "specialist" or "secure" account does not appear to be let you
in on any password combination I tried, not from console nor from
remote telnet session. I did not found any point where you could
assign password to users "secure" or "specialist", DELETE USERS
option does not provide method to delete these users either.
EDIT USER just lets you edit the user currently logged settings.

The SuperStack II Switch 1000 Release Notes (could not promptly find
the same document for Switch 3000) state in page 7 Documentation Errors
and Omissions.

" Admin Default User Not Supported
  The default user admin is not supported by agent software version
  3.1. Support for this user will be provided by agent software version
  3.2 and above."

By reviewing the first code from LS1K3_10.SLX (Switch 1000 image),
see my earlier posts, the admin string is actually in binary

000a6050    656e746c 79206c6f 67676564 20696e00    ently logged in.
000a6060    6d6f6e69 746f7200 6d616e61 67657200    monitor.manager.
000a6070    61646d69 6e007365 63757269 74790000    admin.security..

but as mentioned above it does seem not to work. We have one Switch
1000 in lab running version 3.21 (LS1K3_21.SLX) I will try to check
it tomorrow, the device happens just to be currently offline and
cant be reached from here (at home again) now.

just a bit confusing...

:-) riku

    [ This .signature intentionally left blank ]

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]