OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Keith T. Morgan (keith.morgan_at_terradon.com)
Date: Wed Aug 14 2002 - 13:38:55 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Overview:
    The Gateway GS-400 server is an IDE software raid machine backened by a customized Linux distribution. The system is managed by a web-based management console running under an "admin" user context.

    Problem:
    The GS-400 servers are shipped with a vendor default root password of "0001n". Gateway stated that this was a vendor default, and that the end user has no way to change the password via provided administrative utilities. I have been unable to verify that this password did indeed ship on other Gateway NAS machines. However, the password file is un-shadowed, and if this is not the only password shipped, but only an example of the password strength used, cracking the password should be trivial (5^36). The Linux back-end of the GS-400 NAS software is accessible by telnetting to the server on port 1023.

    Vendor response:
    Gateway stated that a letter has been sent to all owners of GS-400 servers providing customers with the opportunity to return them. Gateway has also stated that the GS-400 servers are completely unsupported, and that they would not release an official advisory or security work around. Gateway stated that telnetting to the machine and logging in voids warranty. Thus, by logging in, su-ing to root, and changing the password, your warranty is voided.

    The views, and information submitted here are entirely my own, and are not those of my employer.

    Keith T. Morgan
    Part Time Motorcycle Road-Racer
    keith.morganterradon.com