VULHUB ™

NetEnforcer is a Quality of Service system built on a Linux distribution and custom hardware system. By default, NetEnforcer includes three preconfigured accounts with default passwords. These account and password combinations are as follows: root/bagabu admin/allot monitor/allot The monitor account allows a remote user to gain local unprivileged access to the system, while the root and admin accounts give a user administrative access to a system. It should also be noted that the default MySQL installation used with NetEnforcer does not allow remote access, although local users may access MySQL administrative accounts without passwords. However, unauthorized remote database access may be possible if SSH port forwarding is enabled, as it is in the default configuration of the device. To further compound this issue, the /etc/shadow file has insecure default permissions.

NetEnforcer is a Quality of Service system built on a Linux distribution and custom hardware system. By default, NetEnforcer includes three preconfigured accounts with default passwords. These account and password combinations are as follows: root/bagabu admin/allot monitor/allot The monitor account allows a remote user to gain local unprivileged access to the system, while the root and admin accounts give a user administrative access to a system. It should also be noted that the default MySQL installation used with NetEnforcer does not allow remote access, although local users may access MySQL administrative accounts without passwords. However, unauthorized remote database access may be possible if SSH port forwarding is enabled, as it is in the default configuration of the device. To further compound this issue, the /etc/shadow file has insecure default permissions.