Announcement

Collapse
No announcement yet.

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

    Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices.

    According to the advisory published by Zyxel, the undocumented account ("zyfwp") comes with an unchangeable password ("PrOw!aN_fXp") that's not only stored in plaintext but could also be used by a malicious third-party to login to the SSH server or web interface with admin privileges.
    Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
    https://thehackernews.com
    A Secret Hard-Coded Backdoor Account Found in Several Zyxel Firewall, VPN Products
    Certified Security Geek
    Tags: backdoor, cve-2020-29583, news, zyxel
  • #2
    It is crazy that vendors do this today. That this still happens. I find it hard to believe this was not put in for a malicious purpose. There has been an incredibly amount of focus on security for the years and doing this always been a bad idea. It is very unlikely the vendor did not know this. I tend to believe they just hoped that no one would notice.
    When going from version 4.60 to 4.60 Patch 1 it looks be be i a very recent version of the firmware.
    I have just one more question... What else is there to find and what was it used for. Updates over FTP? Why would you need access from the outside in, for the system to download and update when it is already in system context?
    Certified Security Geek

    Comment

    Previous template Next
    Working...
    X

    We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

    By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

    I Agree