Penetration Testing mailing list archives
Re: [PEN-TEST] PBX Security
From: Ben Grubin <Ben.Grubin () GUARDENT COM>
Date: Wed, 4 Oct 2000 14:08:19 -0400
More importantly, I believe this can be considered a vendor security bug. Any resetting of top-level administrative passwords in software, hardcoded or not, is just plain wrong. Physical access to the hardware should be required to reset a top-level administrative password.

Software backdoors are *never* known by only the right people. This has been proven time and time again.

Cheers,
Ben

-----Original Message-----
From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US]
Sent: Wednesday, October 04, 2000 12:19 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: PBX Security

<quote>
It's unfair to use a known back-door when pen-testing. The back-door on Norstar is pretty hard to stumble across, but it is nice to know the default passcodes, and test for things like that. Good luck!
</quote>

If it is known (heck, or even if you are the only one who knows it), why is it unfair? If you were able to find it, via social engineering, why can't a hacker? The way I look at it, if a back-door has a hard coded (or unchanged default) method for allowing access, then it is a security hole. Isn't that what a Pen-Test is supposed to uncover?

Thoughts? Comments?