[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: 3Com switches - undocumented access level.]




Since you didn't specify the method of access. it is hard to determine if
this is a large security hole. Most equipment can be rebooted and brought
up without a password IF you have local access. For example, Cisco routers
can be brought up without password simply by specifying the starting
address of the load file, but you have to be at the local console to do
this. 

UNIX systems can be brought up w/o password in single-user mode, if you 
have local access. Yes, there are firmware passwords to guard against 
this on many systems, but one can always swap up the eeprom, etc.

I'd only be worried about the 3Com backdoor if it can be used remotely.
Got any details?

-r.w.