Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"

[Fredrik Björk <Fredrik.Bjork.List@varbergenergi.se>]

Hi!

Our AP9617 card behaves a bit differently, but still, the password checks 
out... It's too in a Silicon 10 kVA UPS, but the card can be used in 
everything from the smallest BackUPS to huge Silicons.

/Fredrik


User Name : [anything]
Password  : *******************

Final Functional Test:  version 1.0.0

Operate at 38400 baud (y/n)? y

Change baud rate to 38400 and press <ENTER>Version:apc_hw02_aos_105.bin 
Network Management Card AOS
AOS Checksum: PASSED
Version:apc_hw02_dp3e_116.bin   Silcon DP300E Series APP
Application Checksum: PASSED


Hardware Revision:9
Model Number:AP9617
Serial Number:xxxxxxxxx
Manufacture Date:xx/xx/2002
MAC Address:00 C0 B7 xx xx xx
International Type:A
Language Type:A
Hardware Revision <ENTER> for current value:
Model Number <ENTER> for current value:
Serial Number <ENTER> for current value:
Manufacture Date <ENTER> for current value:
MAC Address <ENTER> for current value:
International Type <ENTER> for current value:
Language Type <ENTER> for current value:

Perform the self-test (y/n)? n


> *** Background:
> APC (American Power Conversion) SmartSwitch and UPS (uninterruptible power
> supply) products have a Web and SNMP management card installed that permits
> local serial console, TELNET, web and SNMP management, monitoring and
> mains power control of attached devices.
>
>
> *** The Problem:
> APC SmartSlot Web/SNMP management cards have a "backdoor" password that can
> be abused to extract plain text username/password details for all accounts
> and hence gain unauthorised full control of the device.