Bugtraq mailing list archives

Bay Networks Security Hole


From: marty () SLACK NET (Marty Rigaletto)
Date: Sun, 10 May 1998 00:58:37 -0400


vendor: bay networks
product: bay access node/wellfleet routers

Ok, in this day and age it is becoming increasingly difficult for the
low-level, system cracker, bottom feeders who frequent the net to
gain access to larger corporate and government sites due to firewall
implementation, so I'm posting this to help the administrators
stay one step ahead.

The problem with the bay boxes is that by default the two system accounts
on the machine are not passworded. Now, usually the "Manager" account
on the machine is passworded by the administrator, however, the "User"
account is often left untouched. While the "User" account has restricted
access, it can be a huge security hole, especially when these machines are
used for the purposes of IP filtering (a firewall).

Because the bay machines have snmp configuration capabilities, anyone
knowing the snmp string for the machine or snmp community could edit
routing tables and IP filtering rules with any snmp management software or
the bay networks software they put out for solaris and just recently NT.

All a proposed attacker would have to do is telnet to the router, login
as "User", and issue a single command, "sho snmp community". Then adjust
his or her snmp software to use that string and IP address, and b00m,
sucks to be you.

recommended fix: uhh..password "User"


- Marty Rigaletto


   "On the bulletin boards nobody knew if you attended a special
    school."

           - d. freedman (from "At Large", in regards to Phantomd)
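
An added detection example (not part of the original post, and not Bay Networks code): it correlates a telnet login as "User" with a later SNMP write from the same source to the same router, which is the sequence the post describes. The event format, field names and addresses are constructed for illustration and are not the router's own log format.

```python
import re
from datetime import datetime, timedelta

# Constructed events in a generic normalized format; this is NOT the
# router's own log format, and all addresses are sample values.
SAMPLE_LOG = """\
1998-05-10T01:00:05 telnet_login device=10.0.0.1 src=192.0.2.50 user=User
1998-05-10T01:00:40 telnet_login device=10.0.0.1 src=10.0.0.20 user=Manager
1998-05-10T01:03:12 snmp_set device=10.0.0.1 src=192.0.2.50 oid=ipRouteTable
1998-05-10T01:04:00 snmp_set device=10.0.0.1 src=10.0.0.20 oid=ipRouteTable
1998-05-10T03:30:00 snmp_set device=10.0.0.2 src=192.0.2.50 oid=ipRouteTable
"""

LINE_RE = re.compile(r"^(\S+)\s+(\w+)\s+(.*)$")


def parse(line):
    """Return (timestamp, event_type, fields) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, kind, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    try:
        return datetime.fromisoformat(ts), kind, fields
    except ValueError:
        return None


def correlate(log_text, window=timedelta(minutes=15)):
    """Flag SNMP writes that follow a "User" telnet login from the same
    source to the same device within `window`. Input must be time-ordered."""
    last_user_login = {}  # (device, src) -> time of most recent "User" login
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, kind, f = event
        key = (f.get("device"), f.get("src"))
        if kind == "telnet_login" and f.get("user") == "User":
            last_user_login[key] = ts
        elif kind == "snmp_set" and key in last_user_login:
            delay = ts - last_user_login[key]
            if timedelta(0) <= delay <= window:
                alerts.append({"device": key[0], "src": key[1],
                               "login": last_user_login[key], "snmp_set": ts})
    return alerts
```

On the sample data only the write from 192.0.2.50 to 10.0.0.1 is flagged; the Manager session and the write to a second router with no preceding "User" login are not.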


