RE: Trivial root compromise in Gateway GS-400 NAS Servers

[Quarantine <Quarantine () GSCCCA ORG>]

This is the root password on a GS-400 that we have.  We're returning ours
because of several other problems we've had.  From a letter from Gateway
dated 7/26:

"The GS-400 Network Storage Device which you purchased from Gateway has
experienced several technical issues.  As of this date, these issues have
not been resolved by the vendor of the product, and we have been advised
that the company is not pursuing a resolution to the techincal issues."

The letter says that Gateway is offering a full refund if your GS-400 is
still under waranty.  However, the person to whom I spoke when coordinating
our return told me that they'll probably take any of them back.

Thanks,
Matt

<snip>
Problem:
The GS-400 servers are shipped with a vendor default root password of
"0001n".  Gateway stated that this was a vendor default, and that the end
user has no way to change the password via provided administrative
utilities.  I have been unable to verify that this password did indeed ship
on other Gateway NAS machines.
</snip>