Backdoor instructions for Allied Telesis switches leaked
Posted on 30 May 2011.
A simple categorizing mistake has resulted in the publishing of an internal Allied Telesis document that reveals how to set up backdoor accounts for the company's switches.

According to Jody Feigle, Allied's North American Customer Support Manager, the document was recategorized from "public-internal" to "public global" by mistake, which made it available - along with three other documents - for perusal to Internet users on the company website.

Indexed by Google, it was spotted, downloaded and posted to a file sharing site. The file - an Excel spreadsheet - contains instructions on how to obtain a backdoor password for around 20 different switch models made by Allied Telesis. A password generator for some of the switches was also made public.

According to ThreatPost, Allied is trying to minimize the importance of the incident and reassure users by pointing out that the backdoor accounts can only be set up by someone who has physical access to the device.

It also says that even though the document is referring to backdoors, the feature is actually a password recovery feature used by most hardware manufacturers.

The company is currently working on removing the leaked documents from the file sharing sites and has notified its support staff of the incident.






Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //