In the p50 running +5.1A+ ive discovered a security hole while fiddling around last week. The 3 levels of access are pointless because once you have the telnet password, it allows you to go into diagnostic mode and dump the p50's config to a tftp server, complete with all passwords for the unit.... Silly silly ascend. --------------------------------------------------------------------- | Skeeve Stevens - myinternet personal.url: <A HREF="http://www.skeeve.net/">http://www.skeeve.net/</A> | | email://skeeve@skeeve.net/ work.url: <A HREF="http://www.myinternet.net/">http://www.myinternet.net/</A> | | phone://612.9876.4527/ mobile://0414.SKEEVE/ [753-383] | | No kids, no chat room, no smiley faces. | | - This email is (c) 1997 by Skeeve Stevens - All rights reserved - | --------------------------------------------------------------------- ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <HR> <STRONG>Follow-Ups</STRONG>: <UL> <LI><STRONG><A HREF="msg11547.html">Re: (ASCEND) security hole in p50</A></STRONG></LI> <UL> <LI><EM>From</EM>: Brett Hawn <blh@texas.net></LI> </UL> </UL> <!--X-Follow-Ups-End--> <!--X-References--> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg11547.html">Re: (ASCEND) security hole in p50</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg11545.html">Re: (ASCEND) TNT and ISDN</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg11543.html">(ASCEND) 'Proxy State' support ?</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg11547.html">Re: (ASCEND) security hole in p50</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="maillist.html#11546"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd271.html#11546"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>