Bugtraq mailing list archives

Cisco 675 password nonsense


From: jobe () UNBROKEN COM (jobe smithe)
Date: Tue, 10 Aug 1999 00:27:48 -0500


[ WARNING: This post contains no new information and may be considered by
some to be a waste of valuable time. I submit this merely as something to be
pondered over coffee. There is no great hack here and no source is included
due to its simplistic nature. ]

Hello:

The recent posts to Bugtraq regarding Passwordless Cisco 675 got me curious
enough to kludge together some Perl and try to gather some stats to see how
pervasive this problem was across a few /24s. NOTE: passwordless equipment
is certainly not exclusive to the Cisco 675; it is a laziness issue and
simply that IMO.

Some results:

# SCANNING REPORT [ 08/08/99-19:08:44 ]
# CALCULATING USING 774 LIVE HOSTS
#
# TOTAL HOSTS SCANNED       - 1020
# TOTAL HOSTS ALIVE         - 0774  76%
# TOTAL HOSTS DOWN          - 0246  24%
#
# TOTAL HOSTS FULLOPEN      - 0714  92%
# TOTAL HOSTS PROTECTED     - 0060  08%
# --> TOTAL HOSTS NO-EXEC   - 0020  03%
# --> TOTAL HOSTS NO-ENABLE - 0040  05%

This was a highly impromptu scanning effort. The network was a DSL
environment utilizing a few models from the Cisco 600 family.

Of course, without some type of organised scanning methodologies (once a day;
once a week; whatever), I cannot claim that this information actually means
anything, but it is kind of interesting to see that ~90% of the DSL customers on
-these- subnets are willing to hand out configs from nvram.

Unfortunately this info is probably only interesting/useful to the poor person
paying for the DSL service, or perhaps a network manager.

Do you really want anyone to be able to nab 700+ valid login/passwd pairs from
-your- network -on a whim-?

jøbe

-------------------------------------------------------------------------------
 jøbe - [ jobe AT unbroken DOT com ] - [ www.unbroken.com/jobe/ ]
-------------------------------------------------------------------------------
"It is entirely possible for a configuration of matter resembling a
television set or a belly dancer to pop out of a black hole, however
this is highly improbable." - Isaac Asimov, 'Black Holes'
-------------------------------------------------------------------------------

