APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
BID:9681
Info
APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
| Bugtraq ID: | 9681 |
| Class: | Design Error |
| CVE: |
CVE-2004-0311 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to Dave Tarbatt <[email protected]>. |
| Vulnerable: |
APC WEB/SNMP Management Card (9606) Firmware 3.0.1 APC WEB/SNMP Management Card (9606) Firmware 3.0 |
| Not Vulnerable: | |
Discussion
APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
APC SmartSlot Web/SNMP Management Card has been reported prone to a default password vulnerability. This password is reportedly used during initial card configuration, prior to public distribution. It has been reported that an attacker may access any of the affected services, if they are available, by using the default password.
The impact of this issue may be exaggerated if the same authentication credentials are used to access multiple hosts.
APC SmartSlot Web/SNMP Management Card has been reported prone to a default password vulnerability. This password is reportedly used during initial card configuration, prior to public distribution. It has been reported that an attacker may access any of the affected services, if they are available, by using the default password.
The impact of this issue may be exaggerated if the same authentication credentials are used to access multiple hosts.
Exploit / POC
APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
A proof of concept demonstration is available in the referenced advisory.
A proof of concept demonstration is available in the referenced advisory.
Solution / Fix
APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
Solution:
APC has released a security advisory dealing with this issue. Please see the reference section for more details.
APC WEB/SNMP Management Card (9606) Firmware 3.0
APC WEB/SNMP Management Card (9606) Firmware 3.0.1
Solution:
APC has released a security advisory dealing with this issue. Please see the reference section for more details.
APC WEB/SNMP Management Card (9606) Firmware 3.0
-
APC sa2988_patch
http://www.apc.com/go/direct/index.cfm?tag=sa2988_patch
APC WEB/SNMP Management Card (9606) Firmware 3.0.1
-
APC sa2988_patch
http://www.apc.com/go/direct/index.cfm?tag=sa2988_patch
References
APC SmartSlot Web/SNMP Management Card Default Password Vulnerability
References:
References: