Bugtraq mailing list archives
Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches
From: Jacek Lipkowski <sq5bpf () andra com pl>
Date: Thu, 17 Oct 2002 11:14:48 +0200 (CEST)
On Wed, 16 Oct 2002, Mike Scher wrote:
1) The accounts (manuf and diag) are clearly present in the config and easily seen with 'show running-conf' or 'show startup-conf'
They are also documented in the Cajun guides, usually they just say 'don't touch these accounts'
2) They are system accounts and cannot be deleted 3) They have by default the passwords indicated by Mr. Lipkowski 4) They CAN have their passwords changed by the 'root user' and the changes save sucessfully across reloads.
The root user can always change the passwords in any version , just download the config file, make modifications to it, and upload it back again via tftp (this was mentioned in the advisory as a workaround). [...]
While testing, we noticed that accounts with the same password show the same saved hash, indicating that only one salt is in use. That may be a legacy item on the P550, which is discontinued and stuck at 4.3.5 version software.
No, the salt is static in all "bigger" cajuns. This item was also mentioned during my discussion with Avaya. Actually i wouldn't be surprised if all cajuns used the same hash (which is easy to check - just compare the hashes from my advisory with the hashes on your switch). btw does anyone know what it is? it looks like the result of a unix md5 crypt, which is $1$salt$hash, but with the $1$salt part cut off. jacek
Current thread:
- Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Jacek Lipkowski (Oct 15)
- Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Mike Scher (Oct 16)
- Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Jacek Lipkowski (Oct 17)
- Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Mike Scher (Oct 16)