TUCoPS :: Network Appliances :: napl5083.htm

HP AdvanceStack superuser access with no password
11th Feb 2002 [SBWID-5083]
COMMAND

	HP AdvanceStack superuser access with no password

SYSTEMS AFFECTED

	HP AdvanceStack J3210A

PROBLEM

	In Tamer Sahin [http://www.securityoffice.net] advisory :
	

	--snip--
	

	An attacker  can  get  unauthorized  access  to  the  switch  read/write
	password change page this page :
	

	http://host/security/web_access.html

	

	and change superuser password. Connect superuser privileged via  Web  or
	Telnet.
	

	--snap--

SOLUTION

	None yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH