APC SmartSlot Card Backdoor Password Lets Remote Users Obtain Usernames and Passwords
Category: Vulnerability | Posted: 2004-02-18 by ReCall
Details
Description: A vulnerability was reported in the APC SmartSlot management cards used by various APC SmartSwitch and UPS products. A remote user can gain access to the device.
It is reported that the APC SmartSlot Web/SNMP management cards include a common 'backdoor' password ('TENmanUFactOryPOWER') used for factory initialization. A remote user can reportedly access the system via the telnet port or the local serial port using this account and dump the EEPROM contents, which include usernames and passwords. The remote user can then log in using one of those accounts to gain access to the device.
The following systems were tested and found to be vulnerable:
SmartUPS 3000RM with AP9606 AOS v3.2.1 and SmartUPS App v3.2.6
MasterSwitch AP9212 with AP9606 AOS v3.0.3 and MasterSwitch App v2.2.0
The vendor was reportedly notified on August 12, 2003.
Impact: A remote user can obtain usernames and passwords from the system.
Solution: No vendor solution was available at the time of this entry. The vendor is reportedly working on a patch.
The author of the report indicates that, as a workaround, you can restrict physical access to the local serial port and disable the telnet interface as described in the device documentation.
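An added detection example (not from the original report or from the vendor): because telnet is cleartext, a monitoring point in front of management cards that still expose telnet can flag any session whose client-side bytes contain the factory password quoted above. The session keys and payload bytes are constructed sample data, and the function names are hypothetical; how the capture is collected is assumed.

```python
# Added example: flag telnet sessions whose client byte stream contains the
# factory password quoted in the advisory. Sample data below is constructed.
IAC, SB, SE = 255, 250, 240      # telnet command bytes (RFC 854)
WILL, DONT = 251, 254            # WILL/WONT/DO/DONT each carry one option byte
FACTORY_PASSWORD = b"TENmanUFactOryPOWER"   # string as given in the advisory

def strip_telnet_commands(data: bytes) -> bytes:
    """Remove IAC option negotiation so only the typed characters remain."""
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= n:               # dangling IAC at the end of the capture
            break
        cmd = data[i + 1]
        if cmd == IAC:               # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif WILL <= cmd <= DONT:    # IAC WILL/WONT/DO/DONT <option>
            i += 3
        elif cmd == SB:              # subnegotiation: skip to the closing IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = n if end == -1 else end + 2
        else:                        # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)

def session_uses_factory_password(client_segments) -> bool:
    """client_segments: client-to-server TCP payloads of one session, in order."""
    # Joining segments first handles character-at-a-time telnet clients;
    # NUL bytes are dropped because telnet sends CR NUL as a line ending.
    typed = strip_telnet_commands(b"".join(client_segments)).replace(b"\x00", b"")
    return FACTORY_PASSWORD in typed

# Constructed sessions, keyed by client address (documentation IP range).
SESSIONS = {
    "192.0.2.5:40112": [b"\xff\xfb\x18\xff\xfb\x1f", b"hello\r\x00"],
    "192.0.2.9:51877": [b"\xff\xfd\x03"] + [bytes([c]) for c in FACTORY_PASSWORD],
}

def flagged_sessions(sessions):
    """Return the keys of sessions in which the factory password was typed."""
    return sorted(k for k, segs in sessions.items()
                  if session_uses_factory_password(segs))

if __name__ == "__main__":
    for key in flagged_sessions(SESSIONS):
        print("factory password seen in telnet session from", key)
```

The same match applies to a serial console log if one is kept; it does not replace the workaround of disabling telnet.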