Project RUGGEDRAINBOW
On 23-Apr-2012, US-CERT publicly disclosed that a private cybersecurity researcher had discovered a flaw in RuggedCom’s product line: an undocumented backdoor account existed within all released versions of RuggedCom’s Rugged Operating System (ROS®). The account, named “factory”, cannot be disabled and uses the device’s MAC address as the basis for an algorithmically generated, numeric-only password that grants administrative access to the device. The feature was intended to let site administrators recover their passwords.
Following the public disclosure, infracritical® was asked by federal authorities from the United States and Canada to provide a ‘rainbow table’: a lookup table listing the generated password for every possible MAC address.
The net result was a complete listing of 33,554,432 entries (roughly 1.1 GB) that was provided to federal authorities.
At the time of the incident, RuggedCom was a wholly-owned corporation; shortly after the incident, the corporation was purchased by Siemens.
The ‘backdoor’ feature has since been removed.
SCID Incident Information
SCID Information
SCID No.: V-0008
SCID Type: Incidental
SCID Subtype: Negligible
Information Statement
Information contained within this site is considered ‘experimental’ and should not be used for conclusive or evidentiary purposes.
Description
Affected: any networking device running RuggedCom RuggedOS (ROS®) at Version 3.11 or earlier. Access is gained through the account named ‘factory’ with a password derived from the device’s MAC address, which may be obtained either by scanning the device or by accessing it via ‘telnet’†.
† A proof-of-concept was made available publicly.
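As an added example (not part of this advisory, nor code from RuggedCom or infracritical), the following Python shows two defensive checks that follow directly from the description above: flagging inventory devices whose ROS firmware is 3.11 or earlier, and flagging authentication events that use the undocumented ‘factory’ account. The device inventory and the syslog-style log line format are constructed for the example; ROS’s real log format is not shown on this page, so the regular expression is an assumption to be adapted to your own collector. The version parser is there because naive string comparison would rank “3.9” above “3.11”.

```python
import re
from typing import Dict, List, Tuple

# From the advisory: ROS 3.11 or earlier carries the undocumented account.
AFFECTED_MAX_VERSION = (3, 11)
BACKDOOR_ACCOUNT = "factory"

# Constructed inventory of (hostname, reported firmware version); not real data.
SAMPLE_INVENTORY = [
    ("substation-sw-01", "3.11"),
    ("substation-sw-02", "3.9.2"),
    ("substation-sw-03", "v3.12.0"),
    ("control-sw-04", "4.0"),
]

# Constructed log lines in a hypothetical syslog-style layout (assumption:
# ROS's real format is not on the page). Adjust LOG_RE for your collector.
SAMPLE_LOG = """\
2012-04-25T10:02:11Z substation-sw-01 auth: login user=admin src=10.10.1.5 result=success
2012-04-25T10:03:47Z substation-sw-02 auth: login user=factory src=10.10.1.99 result=success
2012-04-25T10:04:02Z substation-sw-02 auth: login user=factory src=10.10.1.99 result=failure
2012-04-25T10:05:30Z control-sw-04 auth: login user=operator src=10.10.2.7 result=success
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+auth:\s+login\s+"
    r"user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+result=(?P<result>\S+)$"
)


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '3.11.0' or 'v3.9' into a tuple of ints so that 3.9 < 3.11
    compares correctly (string comparison would wrongly put '3.9' last)."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)", ver.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {ver!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(ver: str) -> bool:
    """True when major.minor is 3.11 or earlier. Patch levels such as
    3.11.x are treated conservatively as affected."""
    return parse_version(ver)[:2] <= AFFECTED_MAX_VERSION


def affected_devices(inventory: List[Tuple[str, str]]) -> List[str]:
    """Hostnames from the inventory running affected firmware."""
    return [host for host, ver in inventory if is_affected(ver)]


def backdoor_logins(log_text: str) -> List[Dict[str, str]]:
    """Every parsed login event (success or failure) for the 'factory' account."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("user") == BACKDOOR_ACCOUNT:
            hits.append(m.groupdict())
    return hits


def prioritised_hosts(inventory: List[Tuple[str, str]], log_text: str) -> List[str]:
    """Hosts on affected firmware that have also seen 'factory' login attempts:
    the first candidates for firmware upgrade and incident triage."""
    affected = set(affected_devices(inventory))
    seen = {hit["host"] for hit in backdoor_logins(log_text)}
    return sorted(affected & seen)


if __name__ == "__main__":
    print("Affected firmware:", affected_devices(SAMPLE_INVENTORY))
    for hit in backdoor_logins(SAMPLE_LOG):
        print(f"'factory' login on {hit['host']} from {hit['src']}: {hit['result']}")
    print("Triage first:", prioritised_hosts(SAMPLE_INVENTORY, SAMPLE_LOG))
```

Because the ‘factory’ account cannot be disabled on affected firmware, any authentication event for it, successful or not, is worth an alert; the version check identifies which devices still need the firmware that removed the feature.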
Vulnerability Status
Status: CRITICAL
CVSS v2.0 Base Score: 10.0; Temporal Score: 8.3
CVSS v3.0 Base Score: 9.8