header-logo
Suggest Exploit
vendor:
Commerce Accelerator
by:
SecurityFocus
7.5
CVSS
HIGH
Password Disclosure
255
CWE
Product Name: Commerce Accelerator
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: UNIX
2002

NetStructure Undocumented Supervisor Password Vulnerability

NetStructure (formerly known as Ipivot Commerce Accelerator) is a multi-site traffic director. Certain revisions of this package have an undocumented supervisor password. This password, which grants access to the 'wizard' mode of the device, is derived from the MAC address of the primary NIC. This MAC address is displayed in the login banner. This password can be utilized from the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote access. With this password an intruder gains shell access to the underlying UNIX system and may sniff traffic, among other things.

Mitigation:

Ensure that the supervisor password is not derived from the MAC address of the primary NIC.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1182/info

NetStructure (formerly known as Ipivot Commerce Accelerator) is a multi-site traffic director. This internet equipment is designed for businesses with multiple Web site locations, routing traffic to the best available site from a single URL. Certain revisions of this package have an undocumented supervisor password. 
This password, which grants access to the 'wizard' mode of the device, is derived from the MAC address of the primary NIC. This MAC address is displayed in the login banner.

This password can be utilized from the admin console locally (via a serial interface) or remotely if the machine has been deployed with a modem for remote access. With this password an intruder gains shell access to the underlying UNIX system and may sniff traffic, among other things.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19904.tar.gz

Navigation

Suggest Exploit

Services By CQR