Re: Default password in Bay Networks switches.

[dk () GENESYSLAB COM (Dmitry Kohmanyuk Дмитрий Кохманюк)]

On Wed, Mar 10, 1999 at 05:16:53PM -0800, Jon Green wrote:
> >     And yes, I consider this to be a backdoor - wouldn't you call it
> >     a backdoor if Solaris had default password for root logins?
> >     How can vendors in 1999 even THINK about something as stupid as
> >     inserting a default password like this into a switch!?!?
> >     Granted - I am almost sure Bay didn't have evil intentions for
> >     the use .. but still. I am speechless.
>
> This was fixed in version 2.0.3.4 of the BS350 code last November.
> The backdoor is still there for console access, but not for telnet.
> This problem only affected the Baystack 350T and 350F, it did not
> affect the 350-24T or 450.  Also, note that the 350 has always had the
> ability to limit telnet logins to certain source addresses; it is
> recommended that that feature be used.
>
> Software upgrades for the 350 can be found at
> http://support.baynetworks.com under Software.  If you don't
> have a support contract, call (800) 2LANWAN.

does Bay (or whatever owner now it is) require me to pay money so
my newly bought switch would not have its telnet access open to
everybody with bugtraq subscription??  Just curious.  Last time we
checked it was that (less than 6 monthes ago.)

Just tested.... sure it does prompt for `Contract Customer Login'.

Customers should suffer to save money on support contracts.
It's the hardware you buy once;  software updates can be sold many times.
I wonder how many things like that they put in to finance support department
for next couple of years.