I'm someone crazy enough to run an LB6M in production (I can afford a hot spare and a cold spare at their prices), and recently noted a security hole during a vulnerability scan.
Apparently the LB6M has a "guest" user with empty password. This is not visible in "show running-config", or in a saved configuration. It is visible with "show running-config all".
If you are like me with a strong password on an administrative user, but no enable password, you are not secure. I was able to run "no user guest" and prevent login with the guest user, but I see no difference in the running-config, or a new saved config. No idea if or how that change is persistent.
Best practice is to change the management interface and make sure you have an enable password.
Apparently the LB6M has a "guest" user with empty password. This is not visible in "show running-config", or in a saved configuration. It is visible with "show running-config all".
If you are like me with a strong password on an administrative user, but no enable password, you are not secure. I was able to run "no user guest" and prevent login with the guest user, but I see no difference in the running-config, or a new saved config. No idea if or how that change is persistent.
Best practice is to change the management interface and make sure you have an enable password.