Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

DeniseLau
post May 30 2010, 10:46 PM

Casual
***
Junior Member
324 posts

Joined: Mar 2008
omg man, this is a serious fking breach of security. What's the issue with using your own router? Wouldn't it work?

Has anyone made complaints to MCMC?


p.s. Thanks riz for posting this. It's good to have a whitehat around.

This post has been edited by DeniseLau: May 30 2010, 10:47 PM
cannavaro
post May 31 2010, 06:43 AM

CATTENACIO
*******
Senior Member
3,008 posts

Joined: Sep 2005
From: T.T.D.I, Bukit Damansara


Still can't find out the other admin account. Thought it was 'operator', but no cigar.
mylinear
post May 31 2010, 12:37 PM

Enthusiast
*****
Senior Member
974 posts

Joined: Jan 2009
QUOTE(rizvanrp @ May 30 2010, 08:13 PM)
I already updated the first page with a FAQ for all those "CCNP"s who are somehow still unaware of the capabilities of embedded systems in the year 2010.
*
What happens if you reset the router back to factory defaults? Will this "hidden" account remain? Will it reset the password for the account? Will the account still have remote management enabled after a reset?

TSrizvanrp
post May 31 2010, 12:43 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



Resetting doesn't work, this exploit relies on the fact that this account uses the default user/pass combo. Resetting it just resets it back to the same user/pass, remote management will be disabled however. But there's really no point anyway, the SSH daemon is still accessible via LAN.. can't stop it at all from the GUI even with this second account.
cshong
post May 31 2010, 01:09 PM

Look at all my stars!!
*******
Senior Member
3,927 posts

Joined: Oct 2007
Even though I am not a UNIFI user, according to the manual of the DIR-615 downloaded from the D-Link website, the default user name is 'Admin' and the default password is to leave the password field empty, meaning no password.

Has anyone tried resetting the DIR-615 and logging in with user name 'Admin' and an empty password?
TSrizvanrp
post May 31 2010, 01:12 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



QUOTE(cshong @ May 31 2010, 01:09 PM)
Even though I am not a UNIFI user, according to the manual of the DIR-615 downloaded from the D-Link website, the default user name is 'Admin' and the default password is to leave the password field empty, meaning no password.

Has anyone tried resetting the DIR-615 and logging in with user name 'Admin' and an empty password?
*
admin and an empty pass works on some Unifi routers with older firmware <7.05. The newer one is admin and (removed by wkkay) as the pass.

This post has been edited by wKkaY: Jun 1 2010, 04:28 PM
cshong
post May 31 2010, 01:18 PM

Look at all my stars!!
*******
Senior Member
3,927 posts

Joined: Oct 2007
QUOTE(rizvanrp @ May 31 2010, 01:12 PM)
admin and an empty pass works on some Unifi routers with older firmware <7.05. The newer one is admin and 'telekom' as the pass.
*
Maybe TM uses customized firmware.

But, since you found the password, better change it.
skincladalien
post May 31 2010, 01:20 PM

Densha Otaku
******
Senior Member
1,914 posts

Joined: Jan 2003
From: New Selangor ^.^Y


I just had lunch with someone. Can't reveal much but look up the Space Shuttle Challenger case study, and relate it to a big Government linked company like TM...

That's the max hint I can give.
mylinear
post May 31 2010, 01:56 PM

Enthusiast
*****
Senior Member
974 posts

Joined: Jan 2009
QUOTE(rizvanrp @ May 31 2010, 12:43 PM)
Resetting doesn't work, this exploit relies on the fact that this account uses the default user/pass combo. Resetting it just resets it back to the same user/pass, remote management will be disabled however. But there's really no point anyway, the SSH daemon is still accessible via LAN.. can't stop it at all from the GUI even with this second account.
*
At least if you reset the router, the remote management becomes disabled without you having to access the account to do it manually. Easier for basic users to do. Then the account becomes inaccessible from the outside world, right? Isn't the SSH daemon also disabled by default? So without remote access to the account, you cannot enable ssh? Correct me if I am wrong please.

When you say "accessible via LAN", are you referring to your own internal network, i.e. other users at home / office? Or are you referring to other Unifi users within the Unifi network?

If I understand correctly, TM should disable remote management by default. They just have to reset the router upon installation. If TM requires remote management to do troubleshooting or maintenance, when a user calls the helpline, they can be instructed on how to enable the remote management, do the necessary maintenance and then reset / disable it again.

TSrizvanrp
post May 31 2010, 02:02 PM

Getting Started
Elite
195 posts

Joined: Sep 2006



It's part of the Unifi installation process to enable remote management for some reason. It's disabled in a fresh reset but the technicians will enable it. Don't ask me why :S

The SSH server is always running. Even when you do a reset, it's still running. The box in the secondary account for SSH access will be unticked, which only means the WAN (others on the internet) cannot access the SSH daemon. Other people on your LAN (192.168.0.0/24) will be able to access it fine when it's not 'enabled' in the web user interface. That's why I say it's still a risk to people running open Unifi hotspots at shops.
mylinear
post May 31 2010, 02:29 PM

Enthusiast
*****
Senior Member
974 posts

Joined: Jan 2009
QUOTE(skincladalien @ May 31 2010, 01:20 PM)
I just had lunch with someone. Can't reveal much but look up the Space Shuttle Challenger case study, and relate it to a big Government linked company like TM...

That's the max hint I can give.
*
You may not want to give hints on the details, but at least hint more on the general topic you are referring to...

Guesses..

1. Is TM going to contact these forum admins and request that this and other similar topics about TM be removed or banned? Or the media has been informed not to take up this matter?

2. TM is fully aware of this but they are waiting for something to happen first, then take action or come up with excuses later?
I would think security professionals would rather be pro-active about security rather than re-active.

3. rizvanrp is going to be blown up via remote management?...??

zstan
post May 31 2010, 02:53 PM

10k Club
********
All Stars
15,856 posts

Joined: Nov 2007
From: Zion



first and foremost,

thanks rizvanrp for the post!

so what's the conclusion for all these?

don't subscribe to unifi?

p/s: not a tech savvy person, don't get 90% of things u guys talking. except TM can rob ur porn.
cannavaro
post May 31 2010, 03:25 PM

CATTENACIO
*******
Senior Member
3,008 posts

Joined: Sep 2005
From: T.T.D.I, Bukit Damansara


QUOTE(rizvanrp @ May 31 2010, 01:12 PM)
admin and an empty pass works on some Unifi routers with older firmware <7.05. The newer one is admin and 'telekom' as the pass.
*
Mine is version 7.05. Login is 'admin' and password is blank. Got it from the installer btw.
Ah.. so telekom is the pass for... let me try when I get home.
sevenBYseven
post May 31 2010, 06:29 PM

New Member
*
Newbie
0 posts

Joined: Oct 2009
QUOTE(rizvanrp @ May 31 2010, 02:02 PM)
It's part of the Unifi installation process to enable remote management for some reason. It's disabled in a fresh reset but the technicians will enable it. Don't ask me why :S

The SSH server is always running. Even when you do a reset, it's still running. The box in the secondary account for SSH access will be unticked, which only means the WAN (others on the internet) cannot access the SSH daemon. Other people on your LAN (192.168.0.0/24) will be able to access it fine when it's not 'enabled' in the web user interface. That's why I say it's still a risk to people running open Unifi hotspots at shops.
*
My friend told me they enable the remote management for the FIRST level of troubleshooting done by the network operation center, to "see" our router (damaged or not) in case our service is down, before they send their tech to the customer's house...

I still remember somebody mentioning that his router suddenly rebooted just about a minute after he called Unifi support center.

cannavaro
post May 31 2010, 07:58 PM

CATTENACIO
*******
Senior Member
3,008 posts

Joined: Sep 2005
From: T.T.D.I, Bukit Damansara


Well thank you for the hint rizvanrp. Finally got access to 'true' admin account.
76radius
post May 31 2010, 08:27 PM

Getting Started
**
Junior Member
232 posts

Joined: Jan 2006


QUOTE(cannavaro @ May 31 2010, 08:58 PM)
Well thank you for the hint rizvanrp. Finally got access to 'true' admin account.
*
Yeah. Thanks to Rizvanrp & Cannavaro for the Hints. I definitely wanna make DIR615 as a "Back-up" Vlan Bridge. Hahahaha. Fun Fun Fun!!!!
silverhawk
post May 31 2010, 11:30 PM

Eyes on Target
Elite
4,956 posts

Joined: Jan 2003


Rizvan, good job as usual

t3chn0m4nc3r
post Jun 1 2010, 12:07 AM

Teh Necron Lord
*******
Senior Member
4,139 posts

Joined: Sep 2006
From: Internet


allow me to say these:

1) TM staff are mostly less IT-literate than any IT personnel in other large IT MNC firms.

2) TM management are mostly completely IT-illiterate.

3) TM is too dumb to know all this and assumes the public are no better than them.


Added on June 1, 2010, 12:20 am
QUOTE(DeniseLau @ May 30 2010, 10:46 PM)
What's the issue with using your own router? Wouldn't it work?
*

this info will be very very much appreciated if anyone has it...


This post has been edited by t3chn0m4nc3r: Jun 1 2010, 12:20 AM
HeHeHunter
post Jun 1 2010, 01:24 AM

On my way
****
Senior Member
664 posts

Joined: Dec 2006
QUOTE(t3chn0m4nc3r @ Jun 1 2010, 12:07 AM)
allow me to say these:

1) TM staff are mostly less IT-literate than any IT personnel in other large IT MNC firms.

2) TM management are mostly completely IT-illiterate.

3) TM is too dumb to know all this and assumes the public are no better than them.
*
You're wrong. They are smarter than us. Or else, they would be the ones working for us instead of the other way round.

Anyway, time to boot up backtrack now~
nitewish
post Jun 1 2010, 02:06 AM

Viva La Resistance
*****
Senior Member
810 posts

Joined: Feb 2008
From: 127.0.0.1



Are both the global account and the SSH accounts the same?

edit: never mind, i figured it out. =D

This post has been edited by nitewish: Jun 1 2010, 03:04 AM
