| VID |
14032 |
| Severity |
40 |
| Port |
23 |
| Protocol |
TCP |
| Class |
TELNET |
| Detailed Description |
The Annex terminal server has the default password set.
The Annex products were originally produced by a company called Xylogics. Xylogics was bought by Bay Networks. More recently, Bay Networks was purchased by Nortel Networks. Now, The Annex product line has been End Of Lifed by Nortel.
Anyway the default password allows anyone who can access through the telnet service to the equipment to gain administrative access. If modems are attached to this terminal server, it may allow unauthenticated remote access to the network.
* References:
http://www25.nortelnetworks.com/library/rannex/ |
| Recommendation |
Change the default password for the root user, 'su'.
1. Telnet to this terminal server.
2. Change to the root user with 'su' command.
3. Set the password with the 'passwd' command.
4. Go to the admin mode using the 'admin' command.
5. Cli security can be enabled by setting the vcli_security to 'Y' with the command "set annex vcli_security Y". This will require ERPCD or RADIUS authentication for access to the terminal server.
6. Changes can then be applied through the 'reset annex all' command. |
| Related URL |
CVE-1999-0508 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
