Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Advisory on (Award) BIOS default/backdoor passwords

From: 11a () GMX NET (Bluefish)
Date: Wed, 19 Jul 2000 14:44:22 +0200


 Additionally I suspect that the following passwords are really typos and
 should be "AWARD_SW". However, I have no proof of it. They do NOT give
 the same hash as "AWARD_SW" though!
 award_ps, AWARD_PW, award.sw, AWARD?SW, award_?



You have to type AWARD?SW on a German keyboard to get AWARD_SW.


OK, then Award does a flawed conversion to ASCII. Maybe it assumes
american keyboards. Then maybe we have to assume that with some keyboards
award.sw is allright too.

Anyway around, those passwords gives hash 1EAA, so they can be replaced by
any of the other passwords with that hash. 589589 is my personal favourite
:) Better to list a password from [a-z] or [0-9] so that it is the same on
all keyboards.

Regarding AWARD_PW, that was on an german keyboard as well? I wonder if
german keyboards might be really weird and come in two different setups
with different scancdes for underscore, that might explain it.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
Previous By Date Next
Previous By Thread Next

Current thread: