Multiple Switch Vendors '__super' Account Backdoor

Severity: High. Nessus Plugin ID 49217

Synopsis

It is possible to log on to the remote network switch with a default password.

Description

Nessus was able to log into the remote host as the '__super' user with a password derived from the switch's MAC address. This is likely a built-in account that cannot be disabled and whose password cannot be changed.

A remote attacker with knowledge of this switch's MAC address could exploit this by logging in and gaining complete control of the device.

Solution

There is no known solution at this time. Restrict access to this device.

See Also

https://har2009.org/program/events/103.en.html

http://www.vettebak.nl/hak/

Plugin Details

Severity: High

ID: 49217

File Name: accton_super_user_backdoor.nasl

Version: 1.19

Type: remote

Published: 9/14/2010

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/15/2009

Reference Information

BID: 42947