lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040426010742.7892.qmail@www.securityfocus.com>
Date: 26 Apr 2004 01:07:42 -0000
From: Kyle Duren <acidrain_ask@...itha.com>
To: bugtraq@...urityfocus.com
Subject: Samsung SmartEther SS6215S Switch




There is a vulnerability within the OS that this (and other) samsung 
managed switches. The problem resides in the way that the admin user 
is authenticated when trying to login using telnet (remote) or from 
console (local). Now just so everyone who reads this knows, I am not 
that up to date on all of these terms for this such thing.

Example:

Trying 192.168.0.2...
Connected to 192.168.0.2.
Escape character is '^]'.

                Samsung Electronics Co., Ltd.
                 Enterprise Network Division
                      SmartEther Switch
login   :  admin
password:  ****************
error: Password not matched.
password:  

admin> 

If you try to login as the "admin" user, and you do not have the 
password, then all you need to do, is to type "admin" and then for the 
password, use any combination of letters or numbers or !@...^&*, as 
long as it fills up the entire "space" for the password it will work. 
Then you hit enter again, after it tells you the password is incorrect. 
You are now logged in. This works via telnet or via local 
(hyperterminal). However this does not work, if you fill all of the 
password space, and then delete one character.I have tried this on 2 
SS6215S 16 port layer 2 managed switches and it works on both every 
time.

This will not however let you "set" the admin password once you have 
logged in. Example:

admin> passwd
old password  : ****************
error: old password is not matched
admin> 

If anyone has any other models of these switches or hubs I'd like to see 
if this problem exists in other models.

-
Kyle Duren

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ