Vulnerability: Bay Accelar 1000

Affected: Bay Accelar 1000

Description:

Steven Hearon found the following. If one enables the HTTP server (Configuration Interface) on the Bay Accelar 1000 series (I don't know if this is true on other Accelars), anyone can attach to the main page of the Accelar without a password. Not only this, but one can surf around a bit before being asked for a password as well. The best part of this is that when one tries to log in and fails, the system logs do not show it!!! (At least a "log show" doesn't.) Now, since Bay likes to use rw, rwo, and rwa, one could use a brute-force tool (wwwhack, etc.) to attempt access. Unlike other Bay products, there is no option to only allow certain subnets access to the HTTP server. The damage that could be done is great (turning off ports, redoing VLANs, etc.).

Solution:

Bay released a new software version 1.3 for Accelars in which the "problem" is solved. In software version 1.3 you can build access lists to enable telnet, rlogin, HTTP and SNMP read/write access only from certain IP addresses; e.g. you can define that one is allowed to access the routing switch with telnet from a certain IP address/subnet but not with HTTP. There are also other comprehensive tools to limit access in other ways.
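The access lists described in the solution are per-service, per-source-subnet allow rules with everything else denied. The following is an added illustration written for this page, not Bay's own configuration syntax (which the page does not show): a small default-deny policy model in Python that contrasts the pre-1.3 state, where the HTTP server answers any source, with a 1.3-style policy that permits telnet from one subnet but HTTP only from a single management host. All addresses are constructed for the example.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Management services the page says 1.3 access lists can restrict.
SERVICES = frozenset({"telnet", "rlogin", "http", "snmp-read", "snmp-write"})


@dataclass(frozen=True)
class Rule:
    """One access-list entry: a source network and the services it may use."""
    network: ipaddress.IPv4Network | ipaddress.IPv6Network
    services: frozenset[str]


class ManagementAccessPolicy:
    """Default-deny: a request is allowed only if some rule covers BOTH its
    source address and the service it is asking for."""

    def __init__(self) -> None:
        self._rules: list[Rule] = []

    def permit(self, cidr: str, *services: str) -> "ManagementAccessPolicy":
        unknown = set(services) - SERVICES
        if unknown:
            raise ValueError(f"unknown management service(s): {sorted(unknown)}")
        net = ipaddress.ip_network(cidr, strict=False)
        self._rules.append(Rule(net, frozenset(services)))
        return self

    def allows(self, src_ip: str, service: str) -> bool:
        ip = ipaddress.ip_address(src_ip)
        return any(ip in r.network and service in r.services for r in self._rules)

    def evaluate(self, requests: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
        """Decide a batch of (source, service) requests; returns decisions."""
        return [
            (src, svc, "ALLOW" if self.allows(src, svc) else "DENY")
            for src, svc in requests
        ]


def pre_1_3_http_policy() -> ManagementAccessPolicy:
    """Models the reported behaviour: HTTP reachable from any source at all."""
    return ManagementAccessPolicy().permit("0.0.0.0/0", "http")


def build_1_3_policy() -> ManagementAccessPolicy:
    """Constructed 1.3-style access lists: telnet and SNMP read from the
    ops subnet, HTTP and SNMP write only from one management host."""
    return (
        ManagementAccessPolicy()
        .permit("10.1.1.0/24", "telnet", "snmp-read")
        .permit("10.1.1.5/32", "http", "snmp-write")
    )


if __name__ == "__main__":
    # Constructed probe traffic: an ops workstation, the management host,
    # and an outside address trying the HTTP interface.
    probes = [
        ("10.1.1.7", "telnet"),
        ("10.1.1.7", "http"),
        ("10.1.1.5", "http"),
        ("192.0.2.10", "http"),
    ]
    print("before 1.3 (HTTP open to all):")
    for src, svc, decision in pre_1_3_http_policy().evaluate(probes):
        print(f"  {src:>12} {svc:<6} {decision}")
    print("with 1.3 access lists:")
    for src, svc, decision in build_1_3_policy().evaluate(probes):
        print(f"  {src:>12} {svc:<6} {decision}")
```

The point the model makes explicit is that the restriction is keyed on the pair (source, service): the same workstation that may telnet in is still refused on HTTP, which is exactly the telnet-but-not-HTTP split the solution describes. Because the pre-1.3 switch does not log failed web logins, the source restriction is the control to rely on, not log review.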