| VID |
29014 |
| Severity |
40 |
| Port |
23 |
| Protocol |
TCP |
| Class |
TELNET |
| Detailed Description |
The Shiva LanRover has default password set.
The Shiva LanRover is the network equipment for Remote Access Service (RAS). RAS lets remote users dial into through a modem port and use the resources of its network as if directly connected.
A default password is a password that has been left unchanged since installation, created by some automatic script or left in demonstration software. An attacker is able to telnet to this system and gain access to any phone lines attached to this device. Additionally, the LanRover can be used as a relay point for further attacks via the telnet and rlogin functionality available from the administration shell.
* References:
http://www.securiteam.com/securitynews/5RR080A1TS.html
http://online.securityfocus.com/archive/1/68924 |
| Recommendation |
Telnet to the device and change the password for the 'root/Guest/hello' account via the passwd command. Please ensure any other accounts have strong passwords set. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
