17 Dec
2003
17 Dec
'03
11:17 p.m.
Since you didn't specify the method of access. it is hard to determine if this is a large security hole. Most equipment can be rebooted and brought up without a password IF you have local access. For example, Cisco routers can be brought up without password simply by specifying the starting address of the load file, but you have to be at the local console to do this. UNIX systems can be brought up w/o password in single-user mode, if you have local access. Yes, there are firmware passwords to guard against this on many systems, but one can always swap up the eeprom, etc. I'd only be worried about the 3Com backdoor if it can be used remotely. Got any details? -r.w.