Re: Default password in Bay Networks switches.

jogreenNORTELNETWORKS.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: security-alertcisco.com: "Cisco security notice: Cisco 7xx TCP and HTTP vulnerabilities"
• Previous message: Dax Kelson: "Re: Default password in Bay Networks switches."
• Next in thread: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?=: "Re: Default password in Bay Networks switches."

>	And yes, I consider this to be a backdoor - wouldn't you call it
>	a backdoor if Solaris had default password for root logins?
>	How can vendors in 1999 even THINK about something as stupid as
>	inserting a default password like this into a switch!?!?
>	Granted - I am almost sure Bay didn't have evil intentions for
>	the use .. but still. I am speechless.

This was fixed in version 2.0.3.4 of the BS350 code last November.
The backdoor is still there for console access, but not for telnet.
This problem only affected the Baystack 350T and 350F, it did not
affect the 350-24T or 450.  Also, note that the 350 has always had the
ability to limit telnet logins to certain source addresses; it is
recommended that that feature be used.

Software upgrades for the 350 can be found at
http://support.baynetworks.com under Software.  If you don't
have a support contract, call (800) 2LANWAN.

-Jon


-------------------------------------------------------------------
Jon Green				4301 Great America Pkwy
Senior Competitive Test Engineer	Santa Clara, CA 95054
Nortel Networks				(408) 495-2618 Voice
jogreennortelnetworks.com		(408) 495-4540 Fax
-------------------------------------------------------------------

• Next message: security-alertcisco.com: "Cisco security notice: Cisco 7xx TCP and HTTP vulnerabilities"
• Previous message: Dax Kelson: "Re: Default password in Bay Networks switches."
• Next in thread: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?=: "Re: Default password in Bay Networks switches."