Vulnerability Development mailing list archives
Vulnerability for Intel Mboards
From: thomas.mandl () EUNET AT (Thomas Mandl)
Date: Fri, 14 Apr 2000 17:59:35 +0200
Hi, i've encountered the following 'security hole': New Intel Motherboards (we've found this on motherboards using the 810 chipset) allow 'remote control' of all OS parameters (we tried this with WinNT4.0 SP5/6). When installing add-on programs from the support cd-rom a web server gets installed (i was not aware of this fact), which allows a system administrator to remotely control/monitor various OS and motherboard parameters. E.g. you can monitor the Fan temp, fan rpm, number of installed DIMMs ... or for WinNT4.0 you have access to several OS parameters as (free disk space for drive C: D:, ...), which service pack is used, how the machine was configured, etc... The web server listens on port 6787, and the default account is 'Administrator' with a password of 'changeme' it will work only with IE4 or later! After setup of this machine was finished i was not even aware that there is a web server running on this NT4.0 Workstation (as usual we admin's do not have enough time to RTFM :-). Only after scanning the host with nmap/nessus i found the open port and started to investigate. I just want to _warn_ anyone out there to be careful! This could easily become a potential security hole if used by the wrong guys best regards Thomas -- Thomas Mandl e-mail: Thomas.Mandl () EUnet at NIC-HDL: TM4373 PGP: PGP 6.5.1 available on request (send e-mail with subject: REQUEST PGP) -----BEGIN GEEK CODE BLOCK----- Version 3.1 GE/CC/CS/CM d-(+) s+++:++ a C++++$ US++++$ UL++++$ P++++ L+++ E++>+++ W++>+++ N++ w--- !O !M V-- PE PGP-(++) t++>+++ 5++ X++ R* tv b+ DI++ D++ G++ e++ h* r++ ------END GEEK CODE BLOCK------ ObJoke:Screw the Prime Directive, give the Borg MS-DOS 1.0! ObJoke:UNIX is user friendly. It's just selective about who its friends are.
Current thread:
- Vulnerability for Intel Mboards Thomas Mandl (Apr 14)