mailing list archives
Re: Default password in Bay Networks switches.
From: colinj () PSILINK CO UK (Colin Johnston)
Date: Sun, 20 Feb 2000 22:14:02 -0000
After the baystack code fix (203 code) last year which fixed telnet backdoor
known password, not however console backdoor known password issue,
I would have thought Nortel would have made some official comment ??
Hot news :)
in latest 3.0 code pdf file a comment is made about backdoor password issue
"Updated backdoor password mechanism"
I am a bit concerned about this comment above - what does it mean ??
Has the backdoor password mechanism(code) been deleted for good ??
Date: Wed, 10 Mar 1999 14:48:58 -0800
From: Jan B. Koum <jkb () BEST COM>
To: BUGTRAQ () NETSPACE ORG
Subject: Default password in Bay Networks switches.
Ok.. so you would think after 3Com $%#& up last year of inserting
default password into firmware vendors would learn their lesson?
[See http://geek-girl.com/bugtraq/1998_2/0340.html for 3com rant]
Hah! Welcome to the world of strings and Bay Networks firmware
files. I have looked at some bay networks switches and see that
the following have default password of "NetICs"
BayStack 350T HW:RevC FW:V1.01 SW:V18.104.22.168
BayStack 350T HW:RevC FW:V1.01 SW:V22.214.171.124
These however I was not able to find defaults for:
BayStack 350-24T HW:RevA FW:V1.04 SW:V126.96.36.199
Bay Networks BayStack 303 Ethernet Switch
BayStack 28115/ADV Fast Ethernet Switch
If you have firmware images for the above, just
% strings *.img | grep -B5 "Invalid Password"
Something similar to this command might give you the passwd.
Of course I don't have to tell you about how bad it is when
someone can control your network infrastructure (switches).
I don't have much experience with Bay hardware (in fact, I have
none - someone at work just asked me to help them get into a
switch for which they forgot the password). If someone can
shed some light on this topic, it would be great.
And yes, I consider this to be a backdoor - wouldn't you call it
a backdoor if Solaris had default password for root logins?
How can vendors in 1999 even THINK about something as stupid as
inserting a default password like this into a switch!?!?
Granted - I am almost sure Bay didn't have evil intentions for
the use .. but still. I am speechless.
P.S. - Greetz to the inhabitants of #!adm and #!w00w00
- Re: Default password in Bay Networks switches. Colin Johnston (Feb 20)