Nmap Development mailing list archives
Re: [NSE] accton.nse: OSVDB 67963, Accton products Super User Password Generation Algorithm Weakness
From: David Fifield <david () bamsoftware com>
Date: Tue, 28 Sep 2010 22:53:39 -0700
On Sun, Sep 19, 2010 at 01:24:01PM +0200, Gutek wrote:
This script aims a one-year unpatched vulnerability hidded in many Accton-embedded products, as described by Edwin Eefting, Erik Smit and Erwin Drent @HAR2009. Many switches manufacturers embed Accton products (3Com, Dell, SMC, Foundry, EdgeCore and maybe others). In august 2009 at the HAR2009 Edwin Eefting, Erik Smit and Erwin Drent revealed that Accton has left a management backdoor behind (telnet, SSH and HTTP). Researchers have released a paper explaining their work: http://www.vettebak.nl/hak/accton.pdf While __super is the login, the password can be guessed (computed) from the switches' MAC address. This is what this script does. Be advised that it does not check if the target is an Accton embedded product, neither if the target is actually a vulnerable one: it's non-intrusive.
I think this script would be much more useful if it could detect the backdoor. Is there some pattern of open ports, some unique SSH signature?
It would be nicer if the script could retrieve the target's MAC address by itself but I didn't find such a function in the NSE libraries. Please also note that I did not actually test this script against real vulnerable targets: I don't have any at hand. Hence, this script was tested against known vulnerable MAC addresses and its results were compared with the publishers' ones.
To get a MAC address use host.mac_addr. That only works if Nmap knows it of course. http://nmap.org/book/nse-api.html#nse-api-arguments David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] accton.nse: OSVDB 67963, Accton products Super User Password Generation Algorithm Weakness Gutek (Sep 19)
- Re: [NSE] accton.nse: OSVDB 67963, Accton products Super User Password Generation Algorithm Weakness David Fifield (Sep 28)