Backdoor instructions for Allied Telesis switches leaked
Posted on 30 May 2011.
A simple categorizing mistake has resulted in the publishing of an internal Allied Telesis document that reveals how to set up backdoor accounts for the company's switches.

According to Jody Feigle, Allied's North American Customer Support Manager, the document was recategorized from "public-internal" to "public global" by mistake, which made it available - along with three other documents - for perusal to Internet users on the company website.

Indexed by Google, it was spotted, downloaded and posted to a file sharing site. The file - an Excel spreadsheet - contains instructions on how to obtain a backdoor password for around 20 different switch models made by Allied Telesis. A password generator for some of the switches was also made public.

According to ThreatPost, Allied is trying to minimize the importance of the incident and reassure users by pointing out that the backdoor accounts can only be set up by someone who has physical access to the device.

It also says that even though the document is referring to backdoors, the feature is actually a password recovery feature used by most hardware manufacturers.

The company is currently working on removing the leaked documents from the file sharing sites and has notified its support staff of the incident.






Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Nov 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //