Allied Telesis Security Blunder

Another reason why security by obscurity is bad: Allied Telesis builds network components. While this page was loaded in your browser, there is a chance that equipment of them was involved somewhere.

Those components have access protection with the common user/password scheme. If you lost your password, the support could tell you the name and password for a backdoor, that is a login that would always work but one that isn’t visible when you, say, request a list of all known users.

Sounds good? It is. Saves a lot of hassle.

The problem? Someone posted the details for all backdoors in the public support section. Which means that crackers all over the globe now have free reign over them.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s