Quanta LB6M security warning

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

jthm

New Member
Mar 3, 2016
6
5
3
123
I'm someone crazy enough to run an LB6M in production (I can afford a hot spare and a cold spare at their prices), and recently noted a security hole during a vulnerability scan.

Apparently the LB6M has a "guest" user with empty password. This is not visible in "show running-config", or in a saved configuration. It is visible with "show running-config all".

If you are like me with a strong password on an administrative user, but no enable password, you are not secure. I was able to run "no user guest" and prevent login with the guest user, but I see no difference in the running-config, or a new saved config. No idea if or how that change is persistent.

Best practice is to change the management interface and make sure you have an enable password.
 

Vince123

New Member
Sep 1, 2017
8
0
1
45
Any reason why someone shouldn't run the LB6M in production, even after flashing with Turboiron 24x ?