Filesharers spread Allied Telesis networking 'backdoor' info

"Backdoor passwords" for a range of Allied Telesis networking devices have been leaked online. Allied Telesis said that although the leaked document referred to a "backdoor password" (screenshot via H Security here), this was an unfortunate choice of phrase for what was actually a password-recovery feature of the type most …

COMMENTS

This topic is closed for new posts.
  1. Steven Knox
    Holmes

    Correction

    "...making security-related documents that are meant to be restricted openly available is seldom a good idea."

    s/b

    "...making security-related documents that are meant to be restricted is seldom a good idea."

    If your security system isn't good enough to be open to scrutiny, it's not good enough.

  2. Miek

    "Allied Telesis is reportedly working on removing the leaked documents from the filesharing sites"

    GLWT

  3. Miek
    Coat

    Put the Genie back in the bottle

    Perhaps they could use a Super-Injunction or something?

  4. Nigel 11
    Thumb Down

    The write-lock switch, yet again.

    The answer for all such issues is to make the functionality work only if something mechanical has been done to the hardware. The classic is the write-lock button on an old exchangeable-platter disk drive. These days, any hardware that is user-flashable should have a firmware write enable switch (shipped OFF), and anything with a built-in password should have a built-in-password-enable switch (ditto shipped OFF).

    Best, in my view, if the switch requires taking the cover off the equipment. But even more important, that these switches exist in the first place.

  5. Anonymous Coward

    Allied Telesis?

    Haven't heard that name since 10Base5 networks and their "vampire" transceivers.

    Does anyone still use them?

    Maybe it's all just a publicity stunt?

  6. heyrick Silver badge

    Duh.

    Come on, what's wrong with the "hold reset button for 10 seconds at power up to reset default options (and password)"?

  7. Anonymous Coward

    yeah, they're still around

    fortunately, the fiber adapters don't have this feature/flaw

  8. Anonymous Coward
    Thumb Down

    Not very clever at all

    Whether it's a back-door or a password-recovery capability is immaterial - it shouldn't have been there. No matter how secretive they thought they were about it, they put a weakness into the devices. I'd rather accept the risk that a full reset (and consequent down-time) is necessary to recover the situation.

  9. Paul Crawford Silver badge
    Mushroom

    Really?

    "Allied Telesis is reportedly working on removing the leaked documents from the filesharing sites"

    Meanwhile we look forward to getting the mushroom cloud back in the sphere of plutonium...

  10. Anonymous Coward
    Trollface

    Private, Exposed Notes on Internets and other Syndicates

    That's even more lulzy than your ludicrous suggestion that security-by-obscurity could somehow have helped!

  11. Lance the Boil

    Pointless article

    Cisco devices have the same. Plug in the console cable and change the confreg setting on bootup. This allows config recovery as well so is also not secure.

    I'm not certain there is a network device that is secure against someone with physical access to the device.

    So what is required to make sure a device is secure is the rest of the network only allowing 'trusted' and 'uncompromised' devices to connect to the rest of the network.
