Backdoor instructions for Allied Telesis switches leaked
Posted on 30 May 2011.
A simple categorizing mistake has resulted in the publishing of an internal Allied Telesis document that reveals how to set up backdoor accounts for the company's switches.

According to Jody Feigle, Allied's North American Customer Support Manager, the document was recategorized from "public-internal" to "public global" by mistake, which made it available - along with three other documents - for perusal to Internet users on the company website.

Indexed by Google, it was spotted, downloaded and posted to a file sharing site. The file - an Excel spreadsheet - contains instructions on how to obtain a backdoor password for around 20 different switch models made by Allied Telesis. A password generator for some of the switches was also made public.

According to ThreatPost, Allied is trying to minimize the importance of the incident and reassure users by pointing out that the backdoor accounts can only be set up by someone who has physical access to the device.

It also says that even though the document is referring to backdoors, the feature is actually a password recovery feature used by most hardware manufacturers.

The company is currently working on removing the leaked documents from the file sharing sites and has notified its support staff of the incident.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //