Re: 3Com switches - undocumented access level.

durvalTMP.COM.BR

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Riku Meskanen: "Re: 3Com switches - undocumented access level."
• Previous message: Jean-Francois Malouin: "Re: 3Com switches - undocumented access level."
• In reply to: Durval Menezes: "Re: 3Com switches - undocumented access level."
• Next in thread: Riku Meskanen: "Re: 3Com switches - undocumented access level."

Hello again,

A little update: just checked an ASCII dump of the FMS-II Superstack Hub
firmware (3Com's P/N 3c16630a) looking for undocumented username/password
strings and didn't find any... that doen't mean that there isn't one, through.

BTW: Don't you love it when your trusty vendor sticks security backdoors
in their products? :-(   I used to recomend 3Com products to my clients
but now I'm starting to have second thoughts...

> > PROBLEM:
> > There appears to be a backdoor/undocumented "access level" in current (and
> > possibly previous) versions of 3Com's "intelligent" and "extended"
> > switching software for LanPlex/Corebuilder switches.
>
> Just checked my 3Com Superstack II intelligent hub and Switches (they have
> a similar Telnet interface) and they appear NOT to have this backdoor
> (humm, or does the backdoor use a different username/password? I wonder...)

Best Regards,
--
   Durval Menezes (durvaltmp.com.br, http://www.tmp.com.br/~durval)

• Next message: Riku Meskanen: "Re: 3Com switches - undocumented access level."
• Previous message: Jean-Francois Malouin: "Re: 3Com switches - undocumented access level."
• In reply to: Durval Menezes: "Re: 3Com switches - undocumented access level."
• Next in thread: Riku Meskanen: "Re: 3Com switches - undocumented access level."