|
Title: Endian 2.3 Console Security Bugs Post by: serkanp on Sunday 14 March 2010, 01:07:37 am 0 > Shell
1 > Reboot 2 > Change Root Password 3 > Change Admin Password 4 > Restore Factory Defaults Select Reboot or Restore Factory Defaults, system no ask root or admin password and execute the command. 4 > Restore Factory Defaults, this is disaster to network system.... ( unauthorized people ) How can I pacth this bug or hide this screen. Thank you. Title: Re: Endian 2.3 Console Security Bugs Post by: StephanSch on Sunday 14 March 2010, 02:25:25 am If your users are able to reach your hardware you have much more problems.
You can edit /usr/sbin/efw-console to hide these options. Title: Re: Endian 2.3 Console Security Bugs Post by: whoiam55 on Sunday 14 March 2010, 05:52:30 pm If your users are able to reach your hardware you have much more problems. I robber will always rob, no matter you have lock on door or not, then why use a lock even? Title: Re: Endian 2.3 Console Security Bugs Post by: StephanSch on Sunday 14 March 2010, 07:43:12 pm And a robber has a advantage of resetting factory defaults or rebooting?
Another constructive point: your users can also start your efw with the mini-bash and change the root password (http://kb.endian.com/entry/45/). Title: Re: Endian 2.3 Console Security Bugs Post by: serkanp on Monday 15 March 2010, 11:10:59 pm And a robber has a advantage of resetting factory defaults or rebooting? Another constructive point: your users can also start your efw with the mini-bash and change the root password (). Installaiton progress ask me connect to serial interface and I'm say NO Title: Re: Endian 2.3 Console Security Bugs Post by: serkanp on Monday 15 March 2010, 11:30:40 pm If your users are able to reach your hardware you have much more problems. You can edit /usr/sbin/efw-console to hide these options. thank you, resolve my problem. Title: Re: Endian 2.3 Console Security Bugs Post by: StephanSch on Wednesday 17 March 2010, 04:10:30 am Installaiton progress ask me connect to serial interface and I'm say NO I meant "Solution 2" |