Bugtraq mailing list archives
Re: Preliminary Notice: Cisco LocalDirector enable password loss
From: dustin () spy net (Dustin Sallings)
Date: Mon, 17 Nov 1997 21:50:15 -0800
Being one of the customers involved in the below mentioned incident I feel I must make a full confession ;) Testing from the console and from a telnet session this morning shows that the properly set and written to memory password appears secure. None of my tests this morning succeeded in entering enable mode without a full and valid password entry. I do not know what state the device was in when the attempt outlined below succeeded and I have not been able to duplicate it without removing the password and writing to memory without a password set. I would like to thank Cisco and John for their quick attention to this matter. Cisco remains one of the most professional outfits out there.
Yes, it appears that my problem was not that it took ^C for the password, but that it had completely lost its password but not been nice enough to tell me so, and it's very difficult to just ``discover'' as it still accepts your old password (or anything else you hand it) when it looses one. This isn't quite the behavior I'd prefer[0], but is much better than what I thought was going on. [0] I would prefer, of course, it accepting only blank for an unset password. -- Taos Mountain TS My girlfriend asked me which one I like better. pub 1024/3CAE01D5 1994/11/03 Dustin Sallings <dustin () spy net> | Key fingerprint = 87 02 57 08 02 D0 DA D6 C8 0F 3E 65 51 98 D8 BE L_______________________ I hope the answer won't upset her. ____________
Current thread:
- Preliminary Notice: Cisco LocalDirector enable password loss John Bashinski (Nov 16)
- <Possible follow-ups>
- Re: Preliminary Notice: Cisco LocalDirector enable password loss Lloyd Vancil (Nov 17)
- Re: Preliminary Notice: Cisco LocalDirector enable password loss Dustin Sallings (Nov 17)