Vulnerability Development mailing list archives
Re: news story and router passwords
From: Ralph Moonen <ralph () TINK ORG>
Date: Thu, 12 Oct 2000 20:09:44 +0200
At 16:35 12-10-00 +0200, Vitaly Osipov wrote:
Hello all, I think everybody knows that media reporting on hackers and their tools is, ehm, very improper :) I've read one article recently http://www.denverpost.com/business/biz1012d.htm ) in which it is clamed that some hacker after sniffing router password changed it and made *something* after that they were not able to recover that password. Have somebody heard of such problems (it looks like they were using cisco, because they say - "If this guy posts how he actually did this, the whole Internet's wide open." )? AFAIK ciscos have password recovery procedures, at least those which are not low-end. Frankly speaking I'd suppose that they just did not back up their config :) (because it looks like they even did not use access-lists etc.)
Don't believe anything they write. If he sniffed the enable password, he could easily change the password and store it in the config file encrypted. The admin would then have to reboot the box and from the console, enter the debug mode whence it is possible to change anything. Including unknown passwords. --Ralph
Current thread:
- Netscape crashes, sec. bug? Sylvan Ravinet (Oct 10)
- Re: Netscape crashes, sec. bug? Erik Tayler (Oct 10)
- Cisco 678 exploit George (Oct 11)
- news story and router passwords Vitaly Osipov (Oct 12)
- Re: news story and router passwords Talisker (Oct 12)
- Re: news story and router passwords Mathias Wegner (Oct 13)
- Re: news story and router passwords Ralph Moonen (Oct 12)
- Re: news story and router passwords Lincoln Yeoh (Oct 12)
- Re: news story and router passwords Mark Teicher (Oct 13)
- Re: news story and router passwords Talisker (Oct 13)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Re: news story and router passwords Talisker (Oct 14)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Cisco 678 exploit George (Oct 11)
- Re: Netscape crashes, sec. bug? Erik Tayler (Oct 10)
- Re: news story and router passwords Jim Duncan (Oct 13)
- Re: Cisco 678 exploit Damir Rajnovic (Oct 12)
- Re: Cisco 678 exploit Joe (Oct 12)
- Re: Cisco 678 exploit Damir Rajnovic (Oct 12)