BugTraq
Samsung SmartEther SS6215S Switch Apr 26 2004 01:07AM
Kyle Duren (acidrain_ask pixitha com)


There is a vulnerability within the OS that this (and other) samsung

managed switches. The problem resides in the way that the admin user

is authenticated when trying to login using telnet (remote) or from

console (local). Now just so everyone who reads this knows, I am not

that up to date on all of these terms for this such thing.

Example:

Trying 192.168.0.2...

Connected to 192.168.0.2.

Escape character is '^]'.

Samsung Electronics Co., Ltd.

Enterprise Network Division

SmartEther Switch

login : admin

password: ****************

error: Password not matched.

password:

admin>

If you try to login as the "admin" user, and you do not have the

password, then all you need to do, is to type "admin" and then for the

password, use any combination of letters or numbers or !@#$%^&*, as

long as it fills up the entire "space" for the password it will work.

Then you hit enter again, after it tells you the password is incorrect.

You are now logged in. This works via telnet or via local

(hyperterminal). However this does not work, if you fill all of the

password space, and then delete one character.I have tried this on 2

SS6215S 16 port layer 2 managed switches and it works on both every

time.

This will not however let you "set" the admin password once you have

logged in. Example:

admin> passwd

old password : ****************

error: old password is not matched

admin>

If anyone has any other models of these switches or hubs I'd like to see

if this problem exists in other models.

-

Kyle Duren

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus