Efficient Speedstream DSL Router Default Admin Account

2005-01-01T05:15:41
ID OSVDB:30924
Type osvdb
Reporter OSVDB
Modified 2005-01-01T05:15:41

Description

Vulnerability Description

By default, Efficient Speedstream DSL Routers install with a default password. The 'admin' account has a password of 'admin' which is publicly known and documented. This allows attackers to trivially access the program or system. Some web sites report that a password of 'Admin' is the default, but OSVDB testing indicates this may not be correct.

Short Description

By default, Efficient Speedstream DSL Routers install with a default password. The 'admin' account has a password of 'admin' which is publicly known and documented. This allows attackers to trivially access the program or system. Some web sites report that a password of 'Admin' is the default, but OSVDB testing indicates this may not be correct.

Manual Testing Notes

forced ~# telnet [target] Trying [target]... Connected to [target]. Escape character is '^]'. SpeedStream Telnet Server

login: admin password: admin User logged in xsh>

References:

Other Advisory URL: http://www.phenoelit.de/dpl/dpl.html