Date: Wed, 18 Feb 2004 17:51:00 +0100
From: Fredrik Björk <Fredrik.Bjork.List@...bergenergi.se>
To: bugtraq@...urityfocus.com
Subject: Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"


Hi!

Our AP9617 card behaves a bit differently, but still, the password checks 
out... It's too in a Silicon 10 kVA UPS, but the card can be used in 
everything from the smallest BackUPS to huge Silicons.

/Fredrik


User Name : [anything]
Password  : *******************

Final Functional Test:  version 1.0.0

Operate at 38400 baud (y/n)? y

Change baud rate to 38400 and press <ENTER>Version:apc_hw02_aos_105.bin 
Network Management Card AOS
AOS Checksum: PASSED
Version:apc_hw02_dp3e_116.bin   Silcon DP300E Series APP
Application Checksum: PASSED


Hardware Revision:9
Model Number:AP9617
Serial Number:xxxxxxxxx
Manufacture Date:xx/xx/2002
MAC Address:00 C0 B7 xx xx xx
International Type:A
Language Type:A
Hardware Revision <ENTER> for current value:
Model Number <ENTER> for current value:
Serial Number <ENTER> for current value:
Manufacture Date <ENTER> for current value:
MAC Address <ENTER> for current value:
International Type <ENTER> for current value:
Language Type <ENTER> for current value:

Perform the self-test (y/n)? n


>*** Background:
>APC (American Power Conversion) SmartSwitch and UPS (uninterruptible power
>supply) products have a Web and SNMP management card installed that permits
>local serial console, TELNET, web and SNMP management, monitoring and
>mains power control of attached devices.
>
>
>*** The Problem:
>APC SmartSlot Web/SNMP management cards have a "backdoor" password that can
>be abused to extract plain text username/password details for all accounts
>and hence gain unauthorised full control of the device.

Powered by blists - more mailing lists