<plugin_id>284</plugin_id>
<plugin_name>Nortel Networks router telnet manager level without password</plugin_name>
<plugin_family>Network Devices</plugin_family>
<plugin_created_date>2005/01/02</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc.ruef at computec.ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_version>1.0</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>23</plugin_port>
<plugin_procedure_exploit>open|sleep|send Manager\n|sleep|close|pattern_exists $</plugin_procedure_exploit>
<plugin_exploit_accuracy>98</plugin_exploit_accuracy>
<plugin_comment>The NASL script is Copyright (C) 2000 Victor Kirhenshtein</plugin_comment>
<bug_produced_name>Nortel Networks</bug_produced_name>
<bug_affected>Nortel Networks</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Weak Authentication</bug_vulnerability_class>
<bug_description>The remote Nortel Networks (former Bay Networks) router has  no password for the manager account. An attacker could telnet to the router and reconfigure it to lock you out of it. This could prevent you from using your Internet connection.</bug_description>
<bug_solution>telnet to this router and set a password immediately.</bug_solution>
<bug_fixing_time>Approx. 10 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Maybe</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>8</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>9</bug_impact>
<bug_risk>8</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_check_tool>Nessus can check this flaw with the plugin 10528 (Nortel Networks passwordless router (manager level)).</bug_check_tool>
<source_nessus_id>10528</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>