Vulnerability Note VU#889195
RuggedCom Rugged Operating System (ROS) contains hard-coded user account with predictable password
RuggedCom Rugged Operating System (ROS) contains a hard-coded user account with a predictable password.
RuggedCom Rugged Operating System (ROS), used in RuggedCom network infrastructure devices, contains a hard-coded user account named "factory" that cannot be disabled. The password for this account is based on the device's MAC address and can be reverse engineered easily (CWE-261: Weak Cryptography for Passwords).
ROS also supports HTTP(S) and ssh services. In ROS 3.3.x, these services do not use the factory account. ROS does not appear to log successful or unsuccessful login attempts for the factory account.
An attacker with knowledge of an ROS device's MAC address may be able to gain complete administrative control of the device. The MAC address is displayed in the pre-authentication banner.
According to RuggedCom's security bulletin, "Version 3.10.1 of the ROSŪ firmware with security related fixes will be released on Tuesday May 22, 2012 and can be obtained by emailing email@example.com. Other ROSŪ firmware versions containing the same security fixes (3.9.3, 3.8.5, 3.7.9 & 3.11.0) will be released over the next few weeks on a staggered basis as development and testing is completed."
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|RuggedCom||Affected||10 Feb 2012||18 Jul 2012|
|Siemens||Affected||-||24 Apr 2012|
CVSS Metrics (Learn More)
Thanks to Justin W. Clarke, an independent security researcher in San Francisco, California, for reporting this vulnerability. Thanks also to ICS-CERT for testing and additional coordination with RuggedCom.
This document was written by Michael Orlando and Art Manion.
- CVE IDs: CVE-2012-1803
- Date Public: 23 Apr 2012
- Date First Published: 24 Apr 2012
- Date Last Updated: 18 Jul 2012
- Document Revision: 66
If you have feedback, comments, or additional information about this vulnerability, please send us email.