
August 15th, 2005 19:00

PowerConnect 3448 authentication bug

The 3448 (and possibly others in the 34xx family) has an authentication bug.

If a user is created with level 15 privilege with a single line such as:
username testid password password level 15

The user operates correctly.

If a user is created and then changed to level 15 privilege via a second line such as:
username testid password password
username testid level 15

That user is not prompted to enter a password and is granted full access to the switch. If the admin user is set to level 15 privilege via an after-the-fact line such as:
username admin level 15

The admin can be logged in with no password and full access.

A show run shows the users with encrypted passwords and level 15 privilege, but the switch does not prompt for a password and allows the user to log in with full access.

August 15th, 2005 19:00

Thanks for reporting this problem.  That's a good catch.  I have notified my group of the problem.  We will try to have it corrected in future releases.  I believe I understand what's happening:

  • When you create the user with "username testid password passw" without the privilege level, it actually creates a user with a default level of 1.
  • Then when you run the command "username testid level 15", you actually are not just changing the level; instead you wiped out the password (since you didn't specify one) and changed the permission to level 15.
  • The reason you see an encrypted password is because even a "blank" password is encrypted in a way, so you see that regardless of whether you created a password or not.  For example, if you had created just a user without a password, you will still see that user showing up in the configuration with an encrypted password (basically a special encryption that tells the software that the password is in fact blank).

We will also put this information in our release notes.  So in fact, if anyone else is reading this, please make sure you always define the user to include password and user level on one single line.  Do not set the level without specifying a password; otherwise the password will be blanked.

Thanks again for catching this user interface problem.

Cuong.
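
The check below is an added example, not part of the original posts and not Dell code: it scans a command script (for instance a provisioning file or pasted CLI session) for `username ... level N` lines that carry no `password` keyword, the form described above as blanking the password. It works on the commands as entered, because per the reply a blank password still appears encrypted in `show run`; the function names and the sample account names are assumptions constructed for illustration.

```python
import re

# Command forms quoted in the thread:
#   username NAME password SECRET [level N]
#   username NAME level N
USER_CMD = re.compile(r"^\s*username\s+(\S+)\s*(.*)$", re.IGNORECASE)

def parse_user_command(line):
    """Return (user, has_password, level) for a username command, else None."""
    m = USER_CMD.match(line)
    if not m:
        return None
    user, tokens = m.group(1), m.group(2).split()
    has_password, level, i = False, None, 0
    while i < len(tokens):
        key = tokens[i].lower()
        if key == "password" and i + 1 < len(tokens):
            has_password = True
            i += 2  # skip the secret, even if the secret is the word "level"
        elif key == "level" and i + 1 < len(tokens):
            level = tokens[i + 1]
            i += 2
        else:
            i += 1
    return user, has_password, level

def audit(script):
    """Return (findings, blank_accounts) for a script of CLI commands.

    findings: (line number, user, level) for each level-only command.
    blank_accounts: users whose most recent command left no password set.
    """
    findings, blank = [], set()
    for lineno, line in enumerate(script.splitlines(), 1):
        parsed = parse_user_command(line)
        if parsed is None:
            continue
        user, has_password, level = parsed
        if level is not None and not has_password:
            findings.append((lineno, user, level))
            blank.add(user)
        elif has_password:
            blank.discard(user)  # re-created with a password on the same line
    return findings, sorted(blank)

# Constructed sample input modelled on the commands in the thread.
SAMPLE = "\n".join([
    "username testid password password level 15",
    "username testid2 password password",
    "username testid2 level 15",
    "username admin level 15",
    "username ops level 15",
    "username ops password s3cret level 15",
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```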


August 15th, 2005 19:00

What connection method are you using, or are all affected?  Console, telnet, http, etc.?
 
Can we get a copy of the running config?


August 16th, 2005 12:00

FYI -
The 3348 SW ver. 1.2.0.6 has the same issue.
The 3248 SW ver. 1.0.1.7 does NOT have the issue.