Bugtraq mailing list archives

Re: BoS: Magic password of some linux-box(Hardware..)

From: serg () infomag mipt rssi ru (Sergei A. Golubchik)
Date: Tue, 19 Nov 1996 19:43:16 +0300


On 18-Nov-96 Seo Euiseong wrote:

In recent, there are lots of host runs Linux, FreeBSD, etc...

Many administrarot believes that System Password that main board support is
fully secure to prevent the console hacker from cracking in front of the syste

But, It is a very "Unsecure" thought.
A few days ago, my friend mistyped his console password, "condo,".
The BIOS vendor of his system was AWARD.
Then, The BIOS accept the password like a real password and booting,
gives the permission to set up the bios.
I thought that it was a bug of a version of award bios.
But, It's not true. Unfortunately almost versions of award bios has the
magic password "condo,"
I was very afraid of the increasing of console hacking on many linux box.
I wanna know the real fact of this magic password, and How can I disable it.


It's very strange that you didn't hear about AWAR -BIOS passwords
earlier. It was a surprise, that "condo," is also universal password
(though I didn't test it) You may also check AWARD_SW and j322 to see,
that there are many "universal passwords" on AWARD BIOS.

You see, there may not be great increase in console hacking using AWARD
passwords, because, these passwords is not a secret at all.
And you cannot disable them.

----------------------------------
Regards, SerG

Current thread:

Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Leshka Zakharoff (Nov 15)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Kari E. Hurtta (Nov 17)
- Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Alan Brown (Nov 17)
  - Digital Unix v3.x (v4.x?) security vulnerability Eric Augustus (Nov 16)
    - Re: Digital Unix v3.x (v4.x?) security vulnerability hj () globecom net (Nov 17)
  - Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Bryan Reece (Nov 17)
    - Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Simon Karpen (Nov 17)
    - Magic password of some linux-box(Hardware..) Seo Euiseong (Nov 17)
    - rplayd on HPUX 10.1 Henrik P Johnson (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) Sergiu Popovici (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) Sergei A. Golubchik (Nov 19)
    - Irix: root exploit for LicenseManager Yuri Volobuev (Nov 19)
    - Re: BoS: Magic password of some linux-box(Hardware..) moost () xs4all nl (Nov 20)
    - Ascend Killer Program Aleph One (Nov 17)
    - Serious hole in Solaris 2.5[.1] gethostbyname() (exploit included) Jeremy Elson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Craig Raskin (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Paul B. Henson (Nov 18)
    - Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Russell Street (Nov 18)
    - ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x Todd Vierling (Nov 18)
    - Re: ALERT: Solaris 2.5.1 locks up on TCP connections in Pine 3.9x Brian Harvell (Nov 20)
    - ssh w/ solaris 2.5.[1] Aleph One (Nov 18)

(Thread continues...)