NetStructure 7110 Undocumented Password Vulnerability

NetStructure (formerly known as Ipivot Commerce Accelerator) is a multi-site traffic director. This internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best available site from a single URL. Certain revisions of this package have an undocumented supervisor password.
This password, which grants access to the 'wizard' mode of the device, is derived from the MAC address of the primary NIC. This MAC address is displayed in the login banner.

This password can be utilized from the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote access. With this password an intruder gains shell access to the underlying UNIX system and may sniff traffic, among other things.


Privacy Statement
Copyright 2010, SecurityFocus