info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[OT] Backdoor found in some high end switches
77 views
Skip to first unread message
Simon Clubley
Jan 15, 2018, 1:49:34 PM1/15/18
to
From the advisory at https://support.lenovo.com/gb/en/product_security/len-16095
(Smart quotes replaced with normal quotes)
|ENOS, or Enterprise Network Operating System, is the firmware that powers some
|Lenovo and IBM RackSwitch and BladeCenter switches. An authentication bypass
|mechanism known as "HP Backdoor" was discovered during a Lenovo security audit
|in the Telnet and Serial Console management interfaces, as well as the SSH and
|Web management interfaces under certain limited and unlikely conditions. This
|bypass mechanism can be accessed when performing local authentication under
|specific circumstances using credentials that are unique to each switch. If
|exploited, admin-level access to the switch is granted.
Also at: https://tech.slashdot.org/story/18/01/15/1729247/lenovo-discovers-and-removes-backdoor-in-networking-switches
|The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's
|Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to
|have authorized the addition of the backdoor "at the request of a BSSBU OEM
|customer." In a security advisory regarding this issue, Lenovo refers to the
|backdoor under the name of "HP backdoor." The backdoor code appears to have
|remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE
|Network Technologies (BNT). The backdoor also remained in the code even after
|IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.
Makes you wonder what other bits of hardware might have backdoors in them.
Simon.
--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
(Smart quotes replaced with normal quotes)
|ENOS, or Enterprise Network Operating System, is the firmware that powers some
|Lenovo and IBM RackSwitch and BladeCenter switches. An authentication bypass
|mechanism known as "HP Backdoor" was discovered during a Lenovo security audit
|in the Telnet and Serial Console management interfaces, as well as the SSH and
|Web management interfaces under certain limited and unlikely conditions. This
|bypass mechanism can be accessed when performing local authentication under
|specific circumstances using credentials that are unique to each switch. If
|exploited, admin-level access to the switch is granted.
Also at: https://tech.slashdot.org/story/18/01/15/1729247/lenovo-discovers-and-removes-backdoor-in-networking-switches
|The backdoor was added to ENOS in 2004 when ENOS was maintained by Nortel's
|Blade Server Switch Business Unit (BSSBU). Lenovo claims Nortel appears to
|have authorized the addition of the backdoor "at the request of a BSSBU OEM
|customer." In a security advisory regarding this issue, Lenovo refers to the
|backdoor under the name of "HP backdoor." The backdoor code appears to have
|remained in the firmware even after Nortel spun BSSBU off in 2006 as BLADE
|Network Technologies (BNT). The backdoor also remained in the code even after
|IBM acquired BNT in 2010. Lenovo bought IBM's BNT portfolio in 2014.
Makes you wonder what other bits of hardware might have backdoors in them.
Simon.
--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
0 new messages