Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Bay Networks Security Hole
From: gert () GREENIE MUC DE (Gert Doering)
Date: Thu, 14 May 1998 20:00:43 +0200


Kirby Dolak wrote:
2. Bay recommends that both accounts (User and Manager) have passwords
assigned. Both have default/null passwords as they ship from the factory,
just like a Unix system.  The administrator should immediately take
measures to secure the system, at initial system install, so that an
unauthenticated user/manager doesn't have
access to device management information, such as the community names and
addresses via telnet/console.

I like the way Cisco approaches this issue.

Unless you set a login password, or enable some kind of "aaa authentication"
service, you CANNOT LOGIN AT ALL over network.

And if you are logged in to an unprivileged account, you cannot become
superuser unless you have already set the enable password from the console.

This is VERY good.

No need to "recommend" anything, it's just "secure out of the box".  If
you neglect to configure the password, it just isn't accessible at all
(except from the physical console).


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert () greenie muc de
fax: +49-89-35655025                        gert.doering () physik tu-muenchen de

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]