Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Bug

ICS-CERT Warns That Infrastructure Switches Have Hard-Coded Account Holes 60

Trailrunner7 writes with news of more critical infrastructure not being well secured. From the article: "The Department of Homeland Security is warning users of some of GarrettCom's switches that there is a hard-coded password in a default account on the devices, which are deployed in a number of critical infrastructure industries, that could allow an attacker to take control of them. A researcher at Cylance discovered the hidden account and warned the ICS-CERT...The problem exists in the GarrettCom Magnum MNS-6K Management Software and the company has released an updated version of the application that addresses the vulnerability. GarrettCom's switches are used in a variety of industries, including transportation, utilities and defense. The company issued a new version of the affected software in May, but didn't note that the fix for this vulnerability was included in it. 'A "factory" account intended to only be allowed to log in over a local serial console port exists in certain versions of GarrettCom's MNS-6K and MNS-6K-SECURE software. Cylance has identified an unforseen method whereby a user authenticated as "guest" or "operator" can escalate privileges to the "factory" account,' Cylance said in its advisory."

Slashdot Top Deals

Your good nature will bring you unbounded happiness.

Working...