Brocade ServerIron ADX 1016 Multiple Vulnerabilities

According to the manual, the Brocade ServerIron ADX 1016 (Shodan search) ships with a default administrator account:

The password | nopassword parameter indicates whether the user must enter a password. If you
specify password, enter the string for the user’s password.

NOTE
There is a default username “admin” and the password “brocade”. For security purposes, you may
want to delete the default username. You will have to create at least one username in order to delete
it. Otherwise, the default username will be automatically created after a reboot.

By default, Telnet does not require a password:

Enabling Telnet password
To assign a password for Telnet session access, enter the following command.
ServerIronADX(config)# enable telnet password secretsalso

With physical access, you can reset the administrator password:

By default, the CLI does not require passwords. However, if someone has configured a password for
the ServerIron ADX but the password has been lost, you can regain super-user access to the
ServerIron ADX using the following procedure.
NOTE
Recovery from a lost password requires direct access to the serial port and a system reset.
Follow the steps listed below to recover from a lost password.
1. Start a CLI session over the serial interface to the ServerIron ADX.
2. Reboot the ServerIron ADX.
3. While the system is booting, before the initial system prompt appears, enter b to enter the boot
monitor mode.
4. Enter no password at the prompt. (You cannot abbreviate this command.)
5. Enter boot system flash primary at the prompt. This command causes the device to bypass the
system password check.
6. After the console prompt reappears, assign a new password.
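
An added example, not from the original post or the Brocade manual: a small Python audit that checks a saved configuration dump for the two weak defaults quoted above, Telnet without a password and the default admin account. The layout of the dump, the finding names and the sample configs are assumptions constructed for illustration.

```python
# Added example: audit a saved ServerIron ADX configuration dump for the weak
# defaults the manual describes. The dump layout is an assumption modelled on
# the commands quoted on this page; verify it against a real device dump.

# Constructed sample inputs, not captured from a real device.
WEAK_CONFIG = """\
hostname adx-lab
username backup nopassword
"""
HARDENED_CONFIG = """\
hostname adx-lab
username netops password <redacted>
enable telnet password <redacted>
"""


def audit_config(text):
    """Return a sorted list of finding codes (hypothetical names)."""
    users = {}          # username -> True if created with "nopassword"
    telnet_pw = False   # saw "enable telnet password <string>"
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        lowered = [t.lower() for t in tokens]
        if lowered[0] == "username" and len(tokens) >= 2:
            users[tokens[1]] = "nopassword" in lowered[2:]
        elif lowered[:3] == ["enable", "telnet", "password"] and len(tokens) > 3:
            telnet_pw = True

    findings = set()
    if not telnet_pw:
        findings.add("TELNET_NO_PASSWORD")
    if not users:
        # Per the manual, with no usernames defined the default admin
        # account is created again after a reboot.
        findings.add("DEFAULT_ADMIN_ACTIVE")
    for name, nopassword in users.items():
        if nopassword:
            findings.add("USER_NOPASSWORD:" + name)
        if name.lower() == "admin":
            # The dump cannot show whether the default password was changed.
            findings.add("DEFAULT_ADMIN_PRESENT")
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_config(cfg))
```

A `DEFAULT_ADMIN_PRESENT` finding is a prompt for manual review, since the dump alone cannot confirm that the “brocade” password was replaced.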
