Home page logo

bugtraq logo Bugtraq mailing list archives

Re: 3Com switches - undocumented access level.
From: durval () TMP COM BR (Durval Menezes)
Date: Wed, 6 May 1998 14:50:37 -0300

Hello again,

A little update: just checked an ASCII dump of the FMS-II Superstack Hub
firmware (3Com's P/N 3c16630a) looking for undocumented username/password
strings and didn't find any... that doen't mean that there isn't one, through.

BTW: Don't you love it when your trusty vendor sticks security backdoors
in their products? :-(   I used to recomend 3Com products to my clients
but now I'm starting to have second thoughts...

There appears to be a backdoor/undocumented "access level" in current (and
possibly previous) versions of 3Com's "intelligent" and "extended"
switching software for LanPlex/Corebuilder switches.

Just checked my 3Com Superstack II intelligent hub and Switches (they have
a similar Telnet interface) and they appear NOT to have this backdoor
(humm, or does the backdoor use a different username/password? I wonder...)

Best Regards,
   Durval Menezes (durval () tmp com br, http://www.tmp.com.br/~durval)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]