bios-backdoors.txt

17 Aug 1999 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

BIOS backdoor passwords exist; relying on them for security is ineffective and risky.

Code
`Date: Tue, 3 Nov 1998 13:22:20 -0600  
From: Paul L Schmehl <[email protected]>  
To: [email protected]  
Subject: BIOS Backdoor Passwords  
  
I've been out of the office since posting the comments about the  
ineffectiveness of BIOS passwords, and I returned to find (to my surprise)  
numerous requests for information about this.  
  
Rather than respond to each individual's request, I'll post the information  
here. If someone has further questions after reading this, feel free to  
email me personally, and I'll attempt to respond to you individually.  
(IOW, I am not responding to those of you who emailed me prior to this  
post. You will have to email me again if you want personal assistance.)  
  
Most BIOS manufacturers have backdoor passwords. These are not OEM  
backdoors, but BIOS backdoors. They aren't publicized (for obvious  
reasons), but any experienced PC hardware technician is aware of them.  
(And so are a number of students/hackers/crackers/etc.)  
  
For example, AWARD BIOS can normally be "cracked" with AWARD_SW, AWARD_PW  
or j262 (these are all case sensitive.) AMIBIOS and Phoenix also have  
backdoors I'm aware of. (I'm sorry, I've forgotten them now - no point in  
remembering something which only points out the obvious - don't rely on  
BIOS passwords if security is important to you.)  
  
I should point out here if protecting the BIOS from tampering (in student  
computer labs for example) is important to you, by all means use them.  
Just don't be foolish enough to think *some* students won't know how to  
enter and alter the BIOS to their liking. As with all locks, BIOS  
passwords will keep the honest people out but provide no protection against  
dishonest ones.  
  
As far as URLs for the info, a search for "BIOS passwords" will reveal all  
you need to see to convince you of the ineffectuality of depending on BIOS  
passwords to protect your systems. Not only is the information freely  
available, but there are many cracker programs designed to break in to the  
BIOS of any system.  
  
I shouldn't have to point out the obvious - if it's on the web, your users  
know about it, and some will use it.  
  
Here's a few URLs to get you started:  
http://www.hedgie.com/passwords/bios.html  
http://hem.passagen.se/unaxor/cracking.html  
http://www.voicenet.com/~raze/files/textfaq/pchack.txt  
http://www.geocities.com/Area51/Zone/6430/cracking.html  
  
`
