3COM用一种很奇怪的方式来维护他们售出的设备,那就是后门密码,任何的下列密码都是最高权限,可以自由设置设备。
CoreBuilder 6000/2500 - username: debug password: synnet 除了交换机之外,3com在访问服务器里也加入了默认密码,用户名是"adm",密码为空。 在极端的情况下,这可以作为恢复密码的一个手段。
叉开一些话题,我在使用Nortel(Bay)的交换机时,不小心发现几乎Bay全部产品都有隐藏模式, 350/450上是按一下 ctrl-H 或者是退格键,可以进入Hidden Menu。 Due to this disclosure some 3Com switching products may be vulnerable to security breaches caused by unauthorized access via special logins. To address these issues, customers should immediately log in to their switches via the following usernames and passwords. They should then proceed to change the password via the appropriate Password parameter to prevent unauthorized access.
Customers should also immediately change the SNMP Community string from the default to a proprietary and confidential identifier known only to authorized network management staff. This is due to the fact that the admin password is available through a specific proprietary MIB variable when accessed through the read/write SNMP community string. This issue applies only to the CoreBuilder 2500/6000/3500 and SuperStack II Switch 2200/3900/9300. Fixed versions of software for CoreBuilder 2500/6000/3500 and SuperStack II Switch 2200/3900/9300 are available below.
General administration of these systems should still be performed through the normal documented usernames and passwords. Other facilities found under these special logins are for diagnostic purposes and should only be used under specific guidance from 3Coms Customer Service Organization. 本文由路由器网www.luyouqiwang.net站长编辑整理,转载请注明出处。 |