Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: news story and router passwords

From: Ralph Moonen <ralph () TINK ORG>
Date: Thu, 12 Oct 2000 20:09:44 +0200
At 16:35 12-10-00 +0200, Vitaly Osipov wrote:

Hello all,

I think everybody knows that media reporting on hackers and their tools is,
ehm, very improper :)
I've read one article recently
 http://www.denverpost.com/business/biz1012d.htm  ) in which it is clamed
that some hacker after sniffing router password changed it and made
*something* after that they were not able to recover that password. Have
somebody heard of such problems (it looks like they were using cisco,
because they say  - "If this guy posts how he actually did this, the whole
Internet's wide open." )? AFAIK ciscos have password recovery procedures, at
least those which are not low-end.

Frankly speaking I'd suppose that they just did not back up their config :)
(because it looks like they even did not use access-lists etc.)


Don't believe anything they write. If he sniffed the enable password, he
could easily
change the password and store it in the config file encrypted.
The admin would then have to reboot the box and from the console, enter the
debug mode
whence it is possible to change anything. Including unknown passwords.

--Ralph
Previous By Date Next
Previous By Thread Next

Current thread: