Bugtraq mailing list archives
aDSL routers
From: exocet () EUROPA COM (Brad Zimmerman)
Date: Wed, 14 Apr 1999 19:01:35 +0000
This is also true on USWest's Cisco 675. Password is (hit the enter key)... However, as far as I know, all ISP's using Cisco 675's are set into bridging mode, which doesn't allow any remote access to the Cisco 675, save the serial cable. Older USWest equipment, the Netspeed 202 and 204, used a default user name (root) and a default password is (hit the Enter key)... For both routers, the Netspeed and Cisco, the default password/login is listed right in the manual, for anyone to see. In the future, I believe USWest intends to have customers set their Cisco 675's into routing mode. Or, at the very least, ISP's will begin supporting PPP over Ethernet, which means the Cisco routers are set into routing mode, which will make many thousand customers vulnerable due to unauthorized remote access. I believe (but not sure) that Verio has the ability to let customers set their modems into routing mode (using PPP over Ethernet)... USWest *has* detailed changes to the Cisco 675, noting it's ability to do do PPP over Ethernet along with what is required at the ISP end to perform PPP over Ethernet.
Welp, aDSL is here. And at least one manufacturer, flowpoint, sets no admin password. It's in the documentation, so I assume the company already knows about this vulnerability:) System managers who have aDSL access often overlook this, so I thought I'd point it out. A quick fix: disable telnet access to all of your aDSL router IP's. Better fix: set an admin password.
Brad Zimmerman http://fubar.europa.com "Taking over the world, one computer at a time."
Current thread:
- Re: ipop3d (x2) / pine (x2) / ..., (continued)
- Re: ipop3d (x2) / pine (x2) / ... Thomas Roessler (Apr 12)
- [support_feedback () us-support external hp com: Security Bulletins Patrick Oonk (Apr 13)
- Patrol security bugs fcosta (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight M.C.Mar (Apr 09)
- New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)
- Novell Pandora Hack Jeremy M. Guthrie (Apr 12)
- Re: Novell Pandora Hack Simple Nomad (Apr 13)
- Re: Novell Pandora Hack Iain P.C. Moffat (Apr 13)
- aDSL routers David Brumley (Apr 13)
- Re: aDSL routers Derek Vadala (Apr 14)
- aDSL routers Brad Zimmerman (Apr 14)
- Re: aDSL routers Truman Boyes (Apr 14)
- New Novell Remote.NLM Password Decryption Algorithm with Exploit dreamer () RELIA NET (Apr 09)