In the p50 running +5.1A+ ive discovered a security hole while fiddling around
last week.
The 3 levels of access are pointless because once you have the telnet password,
it allows you to go into diagnostic mode and dump the p50's config to a
tftp server, complete with all passwords for the unit....
Silly silly ascend.
---------------------------------------------------------------------
| Skeeve Stevens - myinternet personal.url: <A HREF="http://www.skeeve.net/">http://www.skeeve.net/</A> |
| email://skeeve@skeeve.net/ work.url: <A HREF="http://www.myinternet.net/">http://www.myinternet.net/</A> |
| phone://612.9876.4527/ mobile://0414.SKEEVE/ [753-383] |
| No kids, no chat room, no smiley faces. |
| - This email is (c) 1997 by Skeeve Stevens - All rights reserved - |
---------------------------------------------------------------------
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>>
</PRE>
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<HR>
<STRONG>Follow-Ups</STRONG>:
<UL>
<LI><STRONG><A HREF="msg11547.html">Re: (ASCEND) security hole in p50</A></STRONG></LI>
<UL>
<LI><EM>From</EM>: Brett Hawn <blh@texas.net></LI>
</UL>
</UL>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<HR>
<UL>
<LI>Prev by Date:
<STRONG><A HREF="msg11547.html">Re: (ASCEND) security hole in p50</A></STRONG>
</LI>
<LI>Next by Date:
<STRONG><A HREF="msg11545.html">Re: (ASCEND) TNT and ISDN</A></STRONG>
</LI>
<LI>Prev by thread:
<STRONG><A HREF="msg11543.html">(ASCEND) 'Proxy State' support ?</A></STRONG>
</LI>
<LI>Next by thread:
<STRONG><A HREF="msg11547.html">Re: (ASCEND) security hole in p50</A></STRONG>
</LI>
<LI>Index(es):
<UL>
<LI><A HREF="maillist.html#11546"><STRONG>Main</STRONG></A></LI>
<LI><A HREF="thrd271.html#11546"><STRONG>Thread</STRONG></A></LI>
</UL>
</LI>
</UL>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</BODY>
</HTML>