Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2005 Patrik KarlssonOPENVAS:136141256231010747
HistoryNov 03, 2005 - 12:00 a.m.

3Com Superstack 3 Switch Default Credentials (Telnet)

2005-11-0300:00:00
Copyright (C) 2005 Patrik Karlsson
plugins.openvas.org
52

AI Score

9.6

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON

The 3Com Superstack 3 switch has the default passwords set.

# SPDX-FileCopyrightText: 2005 Patrik Karlsson
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10747");
  script_version("2023-06-22T10:34:15+0000");
  script_tag(name:"last_modification", value:"2023-06-22 10:34:15 +0000 (Thu, 22 Jun 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-1999-0507", "CVE-1999-0508");
  script_name("3Com Superstack 3 Switch Default Credentials (Telnet)");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2005 Patrik Karlsson");
  script_family("Default Accounts");
  script_dependencies("telnetserver_detect_type_nd_version.nasl", "gb_default_credentials_options.nasl");
  script_require_ports(23); # the port can't be changed on the device
  script_mandatory_keys("telnet/banner/available");
  script_exclude_keys("default_credentials/disable_default_account_checks");

  script_add_preference(name:"Use complete password list (not only vendor specific passwords)", type:"checkbox", value:"no", id:1);

  script_tag(name:"solution", value:"Telnet to this switch and change the default passwords
  immediately.");

  script_tag(name:"summary", value:"The 3Com Superstack 3 switch has the default passwords set.");

  script_tag(name:"impact", value:"The attacker could use these default passwords to gain remote
  access to your switch and then reconfigure the switch. These passwords could
  also be potentially used to gain sensitive information about your network from the switch.");

  script_tag(name:"solution_type", value:"Mitigation");
  script_tag(name:"qod_type", value:"remote_vul");

  exit(0);
}

include("telnet_func.inc");
include("default_credentials.inc");
include("misc_func.inc");
include("dump.inc");

# If optimize_test = no
if( get_kb_item( "default_credentials/disable_default_account_checks" ) ) exit( 0 );

port = 23; # the port can't be changed on the device
if( ! get_port_state( port ) ) exit( 0 );
banner = telnet_get_banner( port:port );
if( !banner || "Login : " >!< banner ) exit( 0 );

p = script_get_preference( "Use complete password list (not only vendor specific passwords)" );
if( "yes" >< p ) {
  clist = try();
} else {
  clist = try( vendor:"3com" );
}
if( ! clist ) exit( 0 );

found = FALSE;

report = string( "Standard passwords were found on this 3Com Superstack switch.\n" );
report += string( "The passwords found are:\n\n" );

foreach credential( clist ) {

  # Handling of user uploaded credentials which requires to escape a ';' or ':'
  # in the user/password so it doesn't interfere with our splitting below.
  credential = str_replace( string:credential, find:"\;", replace:"#sem_legacy#" );
  credential = str_replace( string:credential, find:"\:", replace:"#sem_new#" );

  user_pass = split( credential, sep:":", keep:FALSE );
  if( isnull( user_pass[0] ) || isnull( user_pass[1] ) ) {
    # nb: ';' was used pre r9566 but was changed to ':' as a separator as the
    # GSA is stripping ';' from the VT description. Keeping both in here
    # for backwards compatibility with older scan configs.
    user_pass = split( credential, sep:";", keep:FALSE );
    if( isnull( user_pass[0] ) || isnull( user_pass[1] ) )
      continue;
  }

  user = chomp( user_pass[0] );
  pass = chomp( user_pass[1] );

  user = str_replace( string:user, find:"#sem_legacy#", replace:";" );
  pass = str_replace( string:pass, find:"#sem_legacy#", replace:";" );
  user = str_replace( string:user, find:"#sem_new#", replace:":" );
  pass = str_replace( string:pass, find:"#sem_new#", replace:":" );

  if( tolower( pass ) == "none" ) pass = "";

  soc = open_sock_tcp( port );
  if( ! soc ) continue;

  r = recv( socket:soc, length:160 );
  if( "Login: " >< r ) {
    tmp = string( user, "\r\n" );
    send( socket:soc, data:tmp );
    r = recv_line( socket:soc, length:2048 );
    tmp = string( pass, "\r\n" );
    send( socket:soc, data:tmp );
    r = recv( socket:soc, length:4096 );

    if( "logout" >< r ) {
      found = TRUE;
      report += string( user, ":", pass, "\n" );
    }
  }
  close( soc );
}

if( found ) {
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

Related

openvas 35
nessus 25
cvelist 2
cve 2
packetstorm 1
metasploit 2
openvas
openvas
Cisco Device Default Password (SSH)
2007-11-04 00:00:00
Bay Networks Accelar 1200 Switch Default Credentials (Telnet)
2005-11-03 00:00:00
AirConnect Default Password (HTTP)
2005-11-03 00:00:00
nessus
nessus
Shiva LanRover Blank Password
2002-06-05 00:00:00
3Com Superstack 3 Switch Multiple Default Accounts
2001-08-29 00:00:00
Bay Networks Accelar 1200 Switch Default Password (password) for 'usrname' Account
2005-06-03 00:00:00
cvelist
cvelist
CVE-1999-0507
2000-02-04 05:00:00
CVE-1999-0508
2000-02-04 05:00:00
cve
cve
CVE-1999-0508
2000-02-04 05:00:00
CVE-1999-0507
2000-02-04 05:00:00
packetstorm
packetstorm
SNMP Community Login Scanner
2024-08-31 00:00:00
metasploit
metasploit
SNMP Enumeration Module
2010-12-25 06:31:38
SNMP Community Login Scanner
2012-03-18 05:07:27

AI Score

9.6

Confidence

High

EPSS

0.015

Percentile

87.0%

JSON
Related for OPENVAS:136141256231010747
openvas35nessus25cvelist2cve2packetstorm1metasploit2