Lenovo Discovered a Backdoor in Network Switches Which Allows Attacker Could Perform DDOS

-

Lenovo Discovered a Backdoor in Network Switches Which Allows Attacker Could Perform DDOS.


Lenovo discovered a backdoor in network switches that powered by Enterprise Network Operating System firmware during the security audit by Lenovo in the Telnet and Serial Console management interfaces.
An Authentication bypass mechanism Backdoor also called “HP Backdoor” was discovered with some Lenovo and IBM RackSwitch and BladeCenter switch that allows attacker gain the switch management console interface.
This bypass mechanism can be accessed when performing local authentication under specific and unique circumstances.
If the flaw will be perfectly exploited that it gives direct admin levels access to the switch that leads to performing massive DDOS Attack.


Authentication Bypass mechanism added in 2004

This mechanism was added in 2004 to ENOS when its owned by Nortel’s Blade Server Switch Business Unit.Lenovo discovered this while source code revision and auditing history as confirmed the same.According to Lenovo Following ENOS interfaces and authentication configurations are vulnerable.

Circumstances

  • SSH in firmware released after June 2004 are not vulnerable
  • SSH and Web using only local authentication are not vulnerable
  • SSH, Web, Telnet, and Serial Console using LDAP, RADIUS, or TACACS+ without use of local authentication fallback are not vulnerable
  • Other management interfaces, such as SNMP, are not vulnerable.  
Lenovo Feels, the current authentication mechanism that is used in RackSwitch and  BladeCenter switches are being bypassed is completely unacceptable.

Mitigation – Lenovo

Lenovo Removed the source code that belongs to this authentication bypass mechanism and customers are advised to upgrade to the firmware which eliminates it.
If this firmware upgrade is not suddenly possible then customer adviced to following things.
  • Enable LDAP, RADIUS, or TACAS+ remote authentication AND
  • For any of LDAP, RADIUS, or TACAS+ that are enabled, disable the related “Backdoor” and “Secure Backdoor” local authentication fallback settings AND
  • Disable Telnet AND
  • Restrict physical access to the serial console port.
you can find the affected product version by this backdoor in Lenovo release a CVE() has been assigned( CVE-2017-3765) for this flaw.
Source:-Lenevo

Comments

Post a Comment

Popular posts from this blog

Web Hacking with Burp Suite - Part II

-
Image
 Web Hacking with Burp Suite -II In previous blog i discussed about ghe basic of Brup Suite, Now we are going to discuesss breifly  Lets start..... Burp Suite Overview: Burp Suite has a large array of features, including but not limited to: Interception Proxy:  Designed to give the user control over requests sent to the server. Repeater:  The ability to rapidly repeat/modify specific requests. Intruder:  Feature that allows automation of custom attacks/payloads Decoder:  Decode and encode strings to various formats (URL, Base64, HTML, etc.) Comparer:  Can highlight differences between requests/responses Extender:  API to extend Burps functionality, with many free extensions available via the BApp store. Spider and Discover Content feature:  Crawls links on a web application, and the discover content can be used to dynamically enumerate unlinked content. Scanner (Pro Only):  Automated scanner that checks for web appl...
Read more

Ghost Phisher - Phishing & Penetration Attacks

-
Image
Ghost Phisher - Phishing & Penetration Attacks Ghost Phisher   is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used to service DHCP request , DNS requests or phishing attacks Features : ºHTTP Server ºInbuilt RFC 1035 DNS Server ºInbuilt RFC 2131 DHCP Server ºWebpage Hosting and Credential Logger (Phishing) ºWifi Access point Emulator ºSession Hijacking (Passive and Ethernet Modes) ºARP Cache Poisoning (MITM and DOS Attacks) ºPenetration using Metasploit Bindings ºAutomatic credential logging using SQlite Database ºUpdate Support Operating System Supported Software runs on any Linux machine with the programs prerequisites, Prerequisites The Program requires the following to run properly: The following dependencies can be insta...
Read more

How to hack CCTV camera 🎥

-
Image
 How to hack CCTV camera 🎥 Step 1 : Downloading Angry IP Scanner Angry IP scanner   that is generally used by network administrators for port scanning and detecting for the suspicious activity.It is available on all the major OS. First Download and install the Angry IP scanner. Step 2 : Knowing your IP address range It is very important to know your public IP for accomplishing our target.CCTV cameras are connected to our broadband internet connection.If you are using a broadband connection then you can know your public IP by just going to   Google   or  Bing  and typing in the search box “My IP” .It will show your public IP. Here 103.26.218.207 is my public IP .So the IP range will be 103.26.218.1 to 103.26.218.255 Step 3 : Configuring Angry IP scanner Now you have to open   Angry IP Scanner . Go to Tools > Preferences > Ports | include ports 80,8080,23 in Port choice tab  It will filte...
Read more