mailing list archives
Re: 3Com switches - undocumented access level.
From: durval () TMP COM BR (Durval Menezes)
Date: Wed, 6 May 1998 14:50:37 -0300
A little update: just checked an ASCII dump of the FMS-II Superstack Hub
firmware (3Com's P/N 3c16630a) looking for undocumented username/password
strings and didn't find any... that doen't mean that there isn't one, through.
BTW: Don't you love it when your trusty vendor sticks security backdoors
in their products? :-( I used to recomend 3Com products to my clients
but now I'm starting to have second thoughts...
There appears to be a backdoor/undocumented "access level" in current (and
possibly previous) versions of 3Com's "intelligent" and "extended"
switching software for LanPlex/Corebuilder switches.
Just checked my 3Com Superstack II intelligent hub and Switches (they have
a similar Telnet interface) and they appear NOT to have this backdoor
(humm, or does the backdoor use a different username/password? I wonder...)
Durval Menezes (durval () tmp com br, http://www.tmp.com.br/~durval)