Any "Administrative-User" has the same power as !root.
Hey, I just figured out how to get into a box when you forgot the root
password, but have access to the radius server, bonnus.
Krzysztof
On Wed, 4 Feb 1998, qcislands net gated newsgroup feed wrote:
> I have a PM2ER-10 (fairly old).
>
> Several people had access to the '!root' password.
>
> I changed it, AND I did a save all, AND I logged back in right away
> with the new password to confirm that it WAS changed.
>
> Now I find that my new password doesn't work. This leads me to suspect
> that one of the other people *somehow* hacked into the router and changed
> the password ON ME!
>
> But how? No one has physical access to the box. They would have had to
> telnet into it. So my question is, could someone have made a backdoor
> into the router OUTSIDE of the !root? AND have been able to change my
> !root access as well? If this is so, then it makes my knees knock.
>
> Please someone tell me how to prevent this from happening on my other two
> routers!
>
> This is definately a security issue, but I don't want to let on that I've
> discovered it until I can prevent it from happening again!
> --------------------------------------------------------------------------------
> Jim Pazarena, webmaster - qcislands.net mailto:paz@qcislands.net
> Box 550 - 405 2nd Avenue http://www.qcislands.net/paz
> Queen Charlotte BC
> CANADA V0T 1S0 (250) 559 4443
>
> -
> To unsubscribe, email 'majordomo@livingston.com' with
> 'unsubscribe portmaster-users' in the body of the message.
>
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.