Backdoor instructions for Allied Telesis switches leaked
Posted on 30 May 2011.
A simple categorizing mistake has resulted in the publishing of an internal Allied Telesis document that reveals how to set up backdoor accounts for the company's switches.

According to Jody Feigle, Allied's North American Customer Support Manager, the document was recategorized from "public-internal" to "public global" by mistake, which made it available - along with three other documents - for perusal to Internet users on the company website.

Indexed by Google, it was spotted, downloaded and posted to a file sharing site. The file - an Excel spreadsheet - contains instructions on how to obtain a backdoor password for around 20 different switch models made by Allied Telesis. A password generator for some of the switches was also made public.

According to ThreatPost, Allied is trying to minimize the importance of the incident and reassure users by pointing out that the backdoor accounts can only be set up by someone who has physical access to the device.

It also says that even though the document is referring to backdoors, the feature is actually a password recovery feature used by most hardware manufacturers.

The company is currently working on removing the leaked documents from the file sharing sites and has notified its support staff of the incident.






Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Dec 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //