Quanta LB6M security warning

Discussion in 'Networking' started by jthm, Apr 6, 2018.

  1. jthm

    jthm New Member

    Joined:
    Mar 3, 2016
    Messages:
    2
    Likes Received:
    4
    I'm someone crazy enough to run an LB6M in production (I can afford a hot spare and a cold spare at their prices), and recently noted a security hole during a vulnerability scan.

    Apparently the LB6M has a "guest" user with empty password. This is not visible in "show running-config", or in a saved configuration. It is visible with "show running-config all".

    If you are like me with a strong password on an administrative user, but no enable password, you are not secure. I was able to run "no user guest" and prevent login with the guest user, but I see no difference in the running-config, or a new saved config. No idea if or how that change is persistent.

    Best practice is to change the management interface and make sure you have an enable password.
     
    #1
  2. Tracy Phillips

    Tracy Phillips New Member

    Joined:
    Jan 24, 2015
    Messages:
    1
    Likes Received:
    0
    Thank you for this info!

    What are you using for scanning?
     
    #2
  3. mrkrad

    mrkrad Well-Known Member

    Joined:
    Oct 13, 2012
    Messages:
    1,214
    Likes Received:
    45
    does this switch have web interface? as a brocade?
     
    #3
  4. mixmansc

    mixmansc New Member

    Joined:
    Feb 15, 2016
    Messages:
    29
    Likes Received:
    17
    No web interface on the LB6M.....
     
    #4

Share This Page