3Com News & Events News/Events | Partners | Technology | Solutions | Products | Support | Inside 3Com 3Com Home | Log In | Search | Feedback | Site Map | Site Features | Document Center | Shop | Legal 3Com Security Advisory for CoreBuilder and SuperStack II customers 3Com is issuing a security advisory affecting select CoreBuilder LAN switches and SuperStack II Switch products. This is in response to the widespread distribution of special logins intended for service and recovery procedures issued only by 3Com's Customer Service Organization under conditions of extreme emergency, such as in the event of a customer losing passwords. Due to this disclosure some 3Com switching products may be vulnerable to security breaches caused by unauthorized access via special logins. To address these issues, customers should immediately log in to their switches via the following usernames and passwords. They should then proceed to change the password via the appropriate Password parameter to prevent unauthorized access. * CoreBuilder 6000/2500 - username: debug password: synnet * CoreBuilder 3500 (Version 1.0) - username: debug password: synnet * CoreBuilder 7000 - username: tech password: tech * SuperStack II Switch 2200 - username: debug password: synnet * SuperStack II Switch 2700 - username: tech password: tech The CoreBuilder 3500 (Version 1.1), SuperStack II Switch 3900 and 9300 also have these mechanisms, but the special login password is changed to match the admin level password when the admin level password is changed. Customers should also immediately change the SNMP Community string from the default to a proprietary and confidential identifier known only to authorized network management staff. This is due to the fact that the admin password is available through a specific proprietary MIB variable when accessed through the read/write SNMP community string. This issue applies only to the CoreBuilder 2500/6000/3500 and SuperStack II Switch 2200/3900/9300. Fixed versions of software for CoreBuilder 2500/6000/3500 and SuperStack II Switch 2200/3900/9300 will be available from 3Com by Wednesday 20th May 1998. The CoreBuilder 3500 customers running software version 1.0 may upgrade at no cost to CoreBuilder 3500 Version 1.1 Basic software. This software will be available on the 3Com website by the above date. General administration of these systems should still be performed through the normal documented usernames and passwords. Other facilities found under these special logins are for diagnostic purposes and should only be used under specific guidance from 3Com's Customer Service Organization. For more information 3Com has dedicated a hotline at 1-888-225-1733. Outside the United States please contact your local Customer Service Organization location. European Toll-Free Contact Numbers: * Austria 06 607468 * Belgium 0800 71429 * Denmark 800 17309 * Finland 0800 113153 * France 0800 917959 * Netherlands 0800 0227788 * Norway 800 11376 * Poland 00 800 3111206 * Portugal 05 05 313416 * South Africa 0800 995014 News/Events | Partners | Technology | Solutions | Products | Support | Inside 3Com Home | Log In | Search | Feedback | Site Map | Site Features | Document Center | Shop | Legal Copyright © 1998 3Com Corporation. All rights reserved.