Title: Netpliance i-opener Password Vulnerability
Severity: MODERATE
Description:
A vulnerability exists in the i-opener, from Netpliance. By default, the i-opener ships with the telnetd daemon running, with a set root password. As the i-opener runs QNX, it is possible that if someone gains access to any i-opener, and can decrypt the password set for root (or any account on the machine) they can gain access to every i-opener.
It has determined that the root password for these i-openers is altered upon the first connection to the Netpliance network service, and set to a different password. This password is, according to Netpliance, unique to each host. In addition, recent versions of the i-opener do not suffer from this problem at all, even prior to connection.
The core problem, of i-openers being susceptible to the password decryption problem present in QNX, is still present. Anyone gaining shell level access to an i-opener could gain the root password for the machine.
Affected Products:
- Netpliance i-opener 1.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
