Bugtraq mailing list archives
Re: WebRamp M3 remote network access bug
From: jegelhof () CLOUD9 NET (James Egelhof)
Date: Thu, 21 Jan 1999 15:20:56 -0500
On Thu, 21 Jan 1999, John Stanley wrote:
If you are using this box, and you see this bug, and you have NOT changed the admin password from the default, DO SO IMMEDIATELY.
You obviously can't do anything interesting with the CLI unless you have the password. However, the WebRamp (at least Entre, the ISDN version, which is what I use) includes a default username of "wradmin" and password of "trancell." This gives you full access to the device, either through the CLI or the Windows management software (which seems to use the CLI). You can use the CLI to set up a "Remote Office" connection profile. If you do this, you can make the WebRamp call up a remote site and attach it to your network. Or, you could change the ISP phone number to something else, and thereby get the WebRamp to divulge your password. Other uses for this access are pretty obvious. The real security issue is the presence of the default password, the documentation's lack of insistence on changing it, and the difficulty/impossibility of restricting access to the CLI. Our experiences with Ramp Network's tech support, on other issues, have been less than ideal. -james --- James Egelhof jegelhof () cloud9 net Cloud 9 Consulting, Inc. +1 (914) 696-4000 White Plains, New York http://www.cloud9.net
Current thread:
- Sendmail 8.8.x/8.9.x bugware, (continued)
- Sendmail 8.8.x/8.9.x bugware Gregory Neil Shapiro (Jan 20)
- CFP: New Security Paradigms Workshop 1999 Crispin Cowan (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- linux crashes irix6.3 Philipp Schott (Jan 22)
- Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)
- CERT Advisory CA-99.01 - TCP.Wrappers (fwd) //Stany (Jan 22)
- Misleading CERT Advisory CA-99-01-Trojan-TCP-Wrappers Jochen Thomas Bauer (Jan 22)
- Follow up - IIS 4 logging mnemonix (Jan 23)
- Sendmail 8.8.x/8.9.x bugware Gregory Neil Shapiro (Jan 20)
- WebRamp M3 remote network access bug John Stanley (Jan 21)
- Re: WebRamp M3 remote network access bug James Egelhof (Jan 21)
- Perl.exe and IIS security advisory mnemonix (Jan 22)
- Re: Perl.exe and IIS security advisory Tabor J. Wells (Jan 24)
- Repost: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Using Example Domain Names in Exploits bandregg () REDHAT COM (Jan 25)
- IIS Advisory Update Marc (Jan 24)
- Re: backdoored tcp wrapper source code John Stange (Jan 23)
- SSH 1.x and 2.x Daemon KuRuPTioN (Jan 23)
- Re: SSH 1.x and 2.x Daemon Jan B. Koum (Jan 24)
- Re: SSH 1.x and 2.x Daemon Linux Mailing Lists (Jan 25)