Multiple Switch Vendors '__super' Account Backdoor
High Nessus Plugin ID 49217
Synopsis
It is possible to log on to the remote network switch with a default password.
Description
Nessus was able to log into the remote host as the '__super' user with a password based on the switch's MAC address. This is likely a built-in account that cannot be disabled and whose password cannot be changed.
A remote attacker with knowledge of this switch's MAC address could exploit this by logging in and gaining complete control of the device.
Solution
There is no known solution at this time. Restrict access to this device.