VULHUB ™

A vulnerability exists in the i-opener, from Netpliance. By default, the i-opener ships with the telnetd daemon running, with a set root password. As the i-opener runs QNX, it is possible that if someone gains access to any i-opener, and can decrypt the password set for root (or any account on the machine) they can gain access to every i-opener. It has determined that the root password for these i-openers is altered upon the first connection to the Netpliance network service, and set to a different password. This password is, according to Netpliance, unique to each host. In addition, recent versions of the i-opener do not suffer from this problem at all, even prior to connection. The core problem, of i-openers being susceptible to the password decryption problem present in QNX, is still present. Anyone gaining shell level access to an i-opener could gain the root password for the machine.

A vulnerability exists in the i-opener, from Netpliance. By default, the i-opener ships with the telnetd daemon running, with a set root password. As the i-opener runs QNX, it is possible that if someone gains access to any i-opener, and can decrypt the password set for root (or any account on the machine) they can gain access to every i-opener. It has determined that the root password for these i-openers is altered upon the first connection to the Netpliance network service, and set to a different password. This password is, according to Netpliance, unique to each host. In addition, recent versions of the i-opener do not suffer from this problem at all, even prior to connection. The core problem, of i-openers being susceptible to the password decryption problem present in QNX, is still present. Anyone gaining shell level access to an i-opener could gain the root password for the machine.