Lenovo inherited a switch authentication bypass – from Nortel
@Lenovo has patched an ancient vulnerability in switches that it acquired along with @IBM ‘s hardware businesses and which #BigBlue itself acquired when it slurped parts of @Nortel. The bug, which Lenovo refers to as “ #HPbackdoor”, for reasons it has not explained, has been in present in #ENOS (Enterprise network operating system) since at least 2004 – when ENOS was still under the hand of Nortel. Lenovo’s advisory says the issue “was discovered during a Lenovo security audit in the Telnet and Serial Console management interfaces, as well as the SSH and Web management interfaces under certain limited and unlikely conditions”. There are three vulnerable scenarios, the advisory said: Authentication via the Telnet or serial consoles, if used for local authentication, “or a combination of RADIUS, TACACS+, or LDAP and local authentication under specific circumstances”; The Web management interface is vulnerable when the user is authenticating via “a combination of RADIUS or TACACS+ and local authentication”, and then only in “an unlikely condition”; and “SSH for certain firmware released in May 2004 through June 2004”, again with a combination of RADIUS or TACACS+. The “unlikely conditions” Lenovo referred to depend on which interface is potentially being attacked.