<<< Date Index >>>     <<< Thread Index >>>

Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"



Hi!

Our AP9617 card behaves a bit differently, but still, the password checks out... It's too in a Silicon 10 kVA UPS, but the card can be used in everything from the smallest BackUPS to huge Silicons.

/Fredrik


User Name : [anything]
Password  : *******************

Final Functional Test:  version 1.0.0

Operate at 38400 baud (y/n)? y

Change baud rate to 38400 and press <ENTER>Version:apc_hw02_aos_105.bin Network Management Card AOS
AOS Checksum: PASSED
Version:apc_hw02_dp3e_116.bin   Silcon DP300E Series APP
Application Checksum: PASSED


Hardware Revision:9
Model Number:AP9617
Serial Number:xxxxxxxxx
Manufacture Date:xx/xx/2002
MAC Address:00 C0 B7 xx xx xx
International Type:A
Language Type:A
Hardware Revision <ENTER> for current value:
Model Number <ENTER> for current value:
Serial Number <ENTER> for current value:
Manufacture Date <ENTER> for current value:
MAC Address <ENTER> for current value:
International Type <ENTER> for current value:
Language Type <ENTER> for current value:

Perform the self-test (y/n)? n


*** Background:
APC (American Power Conversion) SmartSwitch and UPS (uninterruptible power
supply) products have a Web and SNMP management card installed that permits
local serial console, TELNET, web and SNMP management, monitoring and
mains power control of attached devices.


*** The Problem:
APC SmartSlot Web/SNMP management cards have a "backdoor" password that can
be abused to extract plain text username/password details for all accounts
and hence gain unauthorised full control of the device.