Nmap Development mailing list archives
[NSE] accton.nse: OSVDB 67963, Accton products Super User Password Generation Algorithm Weakness
From: Gutek <ange.gutek () gmail com>
Date: Sun, 19 Sep 2010 13:24:01 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi list, This script aims a one-year unpatched vulnerability hidded in many Accton-embedded products, as described by Edwin Eefting, Erik Smit and Erwin Drent @HAR2009. Many switches manufacturers embed Accton products (3Com, Dell, SMC, Foundry, EdgeCore and maybe others). In august 2009 at the HAR2009 Edwin Eefting, Erik Smit and Erwin Drent revealed that Accton has left a management backdoor behind (telnet, SSH and HTTP). Researchers have released a paper explaining their work: http://www.vettebak.nl/hak/accton.pdf While __super is the login, the password can be guessed (computed) from the switches' MAC address. This is what this script does. Be advised that it does not check if the target is an Accton embedded product, neither if the target is actually a vulnerable one: it's non-intrusive. It would be nicer if the script could retrieve the target's MAC address by itself but I didn't find such a function in the NSE libraries. Please also note that I did not actually test this script against real vulnerable targets: I don't have any at hand. Hence, this script was tested against known vulnerable MAC addresses and its results were compared with the publishers' ones. Best regards, A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkyV8tEACgkQ3aDTTO0ha7hDZACdFGEZpYmCY8tolp2Mv4Hn9oCg Td4AnixrBY/y3zDAZXz+vd/uePUXzCPf =oGI4 -----END PGP SIGNATURE-----
Attachment:
accton.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] accton.nse: OSVDB 67963, Accton products Super User Password Generation Algorithm Weakness Gutek (Sep 19)