Backdoor In Optical Fiber Device Alcatel-Lucent
I was looking for a way to generate wireless password in Infinitum's new optical fiber devices when I happened to come across with an administration account with a static password which allows for full administration of the device.
This account is hidden and the password cannot be changed - a typical backdoor. After looking around a bit on the Internet, I noticed that his account is available on multiple devices.
The backdoor uses the following credentials:
Here is the configuration file of the web authentication portal of the device which contains the backdoor account. You can see that the typical user account "TELMEX" has a password which was automatically generated (same password for WPA) and the backdoor account does not appear on the administration list of the device.
Enjoy your day.
* This post was originally written by Pedro Joaquin and translated by Roberto Salgado. The original post in Spanish can be found here.