Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 06:39:18 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Endian 2.3 Console Security Bugs
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian 2.3 Console Security Bugs  (Read 17563 times)
serkanp
Jr. Member
*
Offline Offline

Posts: 5


« on: Sunday 14 March 2010, 01:07:37 am »

0 > Shell
1 > Reboot
2 > Change Root Password
3 > Change Admin Password
4 > Restore Factory Defaults

Select Reboot or Restore Factory Defaults, system no ask root or admin password and execute the command.
4 > Restore Factory Defaults, this is disaster to network system.... ( unauthorized people )

How can I pacth this bug or hide this screen.

Thank you.
Logged
StephanSch
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #1 on: Sunday 14 March 2010, 02:25:25 am »

If your users are able to reach your hardware you have much more problems.

You can edit /usr/sbin/efw-console to hide these options.
Logged
whoiam55
Full Member
***
Offline Offline

Posts: 71



WWW
« Reply #2 on: Sunday 14 March 2010, 05:52:30 pm »

If your users are able to reach your hardware you have much more problems.

I robber will always rob, no matter you have lock on door or not, then why use a lock even?
Logged

सत्यमेव जयते!
StephanSch
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #3 on: Sunday 14 March 2010, 07:43:12 pm »

And a robber has a advantage of resetting factory defaults or rebooting?

Another constructive point: your users can also start your efw with the mini-bash and change the root password (http://kb.endian.com/entry/45/).
Logged
serkanp
Jr. Member
*
Offline Offline

Posts: 5


« Reply #4 on: Monday 15 March 2010, 11:10:59 pm »

And a robber has a advantage of resetting factory defaults or rebooting?

Another constructive point: your users can also start your efw with the mini-bash and change the root password ().


Installaiton progress ask me connect to serial interface and I'm say NO
Logged
serkanp
Jr. Member
*
Offline Offline

Posts: 5


« Reply #5 on: Monday 15 March 2010, 11:30:40 pm »

If your users are able to reach your hardware you have much more problems.

You can edit /usr/sbin/efw-console to hide these options.

thank you, resolve my problem.
Logged
StephanSch
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #6 on: Wednesday 17 March 2010, 04:10:30 am »


Installaiton progress ask me connect to serial interface and I'm say NO


I meant "Solution 2"
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.084 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com