Home page logo

bugtraq logo Bugtraq mailing list archives

Re: 3Com switches - undocumented access level.
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Fri, 8 May 1998 13:18:24 -0400

From: [presumably someone at 3Com -dM]
Sent:   Friday, May 08, 1998 3:32 PM
Subject:        Re: FW: 3Com switches - undocumented access level.

[L]et me assure you that the undocumented access level for the
LANplex/Corebuilder products are purely for support reasons then
anything else.  We have many cases where customers will forget their
passwords or userids and find themselves in a spot as they could not
get in to the console.  This is the only way we can help them to
recover from this situation without losing their entire
configuration.  [...]

Excuse me for being blunt, but: poppycock.  Pure spin-doctoring.  I can
think of at least two other ways right off the top of my head.

One would be to give the switches in question a physical setting (a
back-panel switch, a jumper on the pc board, whatever) that overrides
the password somehow - for example, causes any password to be accepted.
(Of course, one would not normally run with the hardware set this way.)

Another would be to keep the password information in a separate NVRAM
from the rest of the configuration, so that either can be reset without
having to touch the other.

Either of these would be an appropriate disaster-recovery mechanism.

A "secret" backdoor access mechanism is not.

To anyone receiving this message: you are welcome to forward it to
anyone you please.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]