From: stevenw@best.com (Steven Weller)
Date: Sat, 27 Jan 1996 01:27:19 +0800
To: cypherpunks@toad.com
Subject: [NOISE] Bad key management
Message-ID: <v0153050dad2ea48598aa@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


>From RISKS:

------------------------------

Date: Tue, 23 Jan 1996 20:32:37 -0500 (EST)
From: Ed Ravin <eravin@panix.com>
Subject: I won't tell if you won't...

I just found this browsing through a router manufacturer's "Frequently
Asked Questions" file:

   Q3       I have a bridge/router, and I have forgotten my password.  I am
   no longer able to log in and configure the device(s).  What do I do
   now?

   Do not panic! Enter the following password at the password
   prompt:XYZZYHIMOM.  This should get you into the unit.  Notice!! This is
   a back door to the units, and should not be made available to people
   who do not need to know about it!

And I don't even own one of these routers -- I found this in a reseller's
online catalog.  Back doors in devices that are often hooked directly to
external networks are a Bad Idea, if you ask me.  At least the manufacturer
documented it...

(password above changed to protect the guilty)

Ed Ravin  +1 212 678 5545  eravin@panix.com

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  "The Internet, of course, is more
                                   |  than just a place to find pictures
                                   |  of people having sex with dogs."
stevenw@best.com                   |       -- Time Magazine, 3 July 1995