Backdoor In Optical Fiber Device Alcatel-Lucent
The newest optical fiber devices offered by the ISP Infinitum have a backdoor which allow for full administration of these devices. This backdoor account is hidden by nature and does not allow for the password to be changed.
I was looking for a way to generate wireless password in Infinitum's new optical fiber devices when I happened to come across with an administration account with a static password which allows for full administration of the device.
This account is hidden and the password cannot be changed - a typical backdoor. After looking around a bit on the Internet, I noticed that his account is available on multiple devices.
The backdoor uses the following credentials:
Here is the configuration file of the web authentication portal of the device which contains the backdoor account. You can see that the typical user account "TELMEX" has a password which was automatically generated (same password for WPA) and the backdoor account does not appear on the administration list of the device.
Enjoy your day.
* This post was originally written by Pedro Joaquin and translated by Roberto Salgado. The original post in Spanish can be found here.
Subscribe to our Newsletter
Get the latest cybersecurity insights and updates delivered to your inbox.