Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 [3] 4 5

Author Topic: VMG8924-B10A unbranded supervisor password  (Read 6255 times)

broadstairs

  • Kitizen
  • ****
  • Posts: 2704
Re: VMG8924-B10A unbranded supervisor password
« Reply #30 on: January 15, 2017, 10:23:10 AM »

I am playing with my F1000 this morning and just tried the ftp procedure to upload the rom.d file but it tells me the remote directory is protected and the ftp fails.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG3925-B10B

manny2003

  • Member
  • **
  • Posts: 37
Re: VMG8924-B10A unbranded supervisor password
« Reply #31 on: January 15, 2017, 02:40:15 PM »

I am playing with my F1000 this morning and just tried the ftp procedure to upload the rom.d file but it tells me the remote directory is protected and the ftp fails.

Stuart

Maybe because you need to log as supervisor?
Logged

aam

  • Just arrived
  • *
  • Posts: 8
Re: VMG8924-B10A unbranded supervisor password
« Reply #32 on: January 15, 2017, 04:16:18 PM »

Make sure you put the file in the /fw directory via ftp and make sure it's called rom-d.
Logged

highpriest

  • Reg Member
  • ***
  • Posts: 133
Re: VMG8924-B10A unbranded supervisor password
« Reply #33 on: January 16, 2017, 12:04:46 AM »

I stand corrected. There is a supervisor account. If you try to change its password as admin, you get an error.

Code: [Select]
> passwd config --login supervisor SecretPass1234
password : Can not change supervisor password.

If you do the same using a dummy account, you get a different error, proving the account really exists.

Code: [Select]
> passwd config --login super SecretPass1234

Usage: Invalid user name super.

After messing about for a bit, I figured out that the supervisor password is printed out in plain text if you issue the dumpmdm command!

It chucks out a fair bit of information and the relevant bit is <AdminPassword> in the <X_5067F0_LoginCfg> section. Even the password for the admin account is displayed unencrypted.

Code: [Select]
    <X_5067F0_LoginCfg>
      <AdvancedAccountSecurity>FALSE</AdvancedAccountSecurity>
      <AdminUserName>supervisor</AdminUserName>
      <AdminPassword>**hidden**</AdminPassword>
      <AdminPasswordHash>(null)</AdminPasswordHash>
      <AdminPasswordModify>TRUE</AdminPasswordModify>

It is 8 characters, numbers and lowercase letters.

Even when you are logged on as supervisor using SSH, it does not allow you to change the supervisor password. You get the same 'Can not change supervisor password' error.

I can get into a shell by issuing the sh command as supervisor.

Edit: You can change the supervisor password by logging on to the GUI! Use the Login Privilege option on the top right :)
Logged
VMG8324-B10A Bridge | EdgeRouter PoE | UniFi AP AC Lite

manny2003

  • Member
  • **
  • Posts: 37
Re: VMG8924-B10A unbranded supervisor password
« Reply #34 on: January 16, 2017, 01:22:37 AM »

It is 8 characters, numbers and lowercase letters.

Nice discovery highpriest! I knew that you can change the password via the GUI once inside as supervisor, the problem was that after a factory reset the password was autogenerated and changed to something unknown. Apparently the dumpmdm seems to be the solution to the problem.
Could you please confirm that you are on a firmware greater that version 10 (for the VMG8924) in order to be sure you are using the latest firmware including the new supervisor password policy?

Anyone with a locked supervisor user that could verify this new discovery? I have a new router with a known supervisor password and I cannot factory reset it at the moment to test.  :blush:
Logged

highpriest

  • Reg Member
  • ***
  • Posts: 133
Re: VMG8924-B10A unbranded supervisor password
« Reply #35 on: January 16, 2017, 02:07:31 AM »

Yup. It's a VMG8324-B10A (de-branded F1000) running firmware 1.00(AAKL.15)C0.
Logged
VMG8324-B10A Bridge | EdgeRouter PoE | UniFi AP AC Lite

npr

  • Reg Member
  • ***
  • Posts: 238
Re: VMG8924-B10A unbranded supervisor password
« Reply #36 on: January 16, 2017, 09:44:24 AM »

Excellent find. :thumbs:

I can confirm the command dumpmdm does reveal the supervisor password for my VMG8924 FW 15C0.


Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 2704
Re: VMG8924-B10A unbranded supervisor password
« Reply #37 on: January 16, 2017, 09:46:25 AM »

It also does on my F1000. Nice catch....

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG3925-B10B

broadstairs

  • Kitizen
  • ****
  • Posts: 2704
Re: VMG8924-B10A unbranded supervisor password
« Reply #38 on: January 16, 2017, 10:26:28 AM »

Interestingly my F1000 was now running V10 f/w, so after getting the supervisor p/w I updated to V15 and the password has remained the same as it was on V10. So it seems that the password is static.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG3925-B10B

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38610
  • Penguins CAN fly
    • DSLstats
Re: VMG8924-B10A unbranded supervisor password
« Reply #39 on: January 16, 2017, 11:01:04 AM »

I can confirm that the dumpmdm command reveals all the passwords on my VMG8324-B10A with the old 6b1 firmware. That's a very nice find.
Logged
  Eric

tubaman

  • Reg Member
  • ***
  • Posts: 160
Re: VMG8924-B10A unbranded supervisor password
« Reply #40 on: January 16, 2017, 05:12:58 PM »

 :thumbs:
I'm in - and all of the menus are available as Supervisor.
Strangely I can't assign the missing ones to the admin user as the Login Privilege menu has no save button!
I also can't change the supervisor password for the same reason.

No matter - at least I now have lots more to play with.
Well done highpriest.
 ;D
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924

lloyd

  • Reg Member
  • ***
  • Posts: 103
Re: VMG8924-B10A unbranded supervisor password
« Reply #41 on: January 16, 2017, 08:03:03 PM »

Good find.  Works on my non-ISP 8924
:thumbs:
I'm in - and all of the menus are available as Supervisor.
Strangely I can't assign the missing ones to the admin user as the Login Privilege menu has no save button!
The only menu my admin account does not have assigned is VOIP line test - every thing else is ticked.  And I do have a save button for the admin login privs.
Logged

tubaman

  • Reg Member
  • ***
  • Posts: 160
Re: VMG8924-B10A unbranded supervisor password
« Reply #42 on: January 16, 2017, 08:10:49 PM »

Further to my earlier post I seem to have got mine working now (8924).
I was fiddling with the 'webstyle' command in the CLI, setting it to 'Brick' (don't know what the original setting was!) and the save button is now there.
What's odd is that it now won't go away whatever websyle I chose (none of which make any obvious difference to the GUI anyway).

The reason I thought webstyle might influence it is that the save button would appear for a second and then vanish making me think it was a GUI bug.
 :D
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924

tubaman

  • Reg Member
  • ***
  • Posts: 160
Re: VMG8924-B10A unbranded supervisor password
« Reply #43 on: January 17, 2017, 09:32:33 AM »

It occurred to me that the default password for my Supervisor user is in a hex format (ie only contains digits 0-9 and letters a-f).
Is this just a coincidence on my unit or does it perhaps relate to another property of the router?
 :-\
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924

broadstairs

  • Kitizen
  • ****
  • Posts: 2704
Re: VMG8924-B10A unbranded supervisor password
« Reply #44 on: January 17, 2017, 10:23:46 AM »

It occurred to me that the default password for my Supervisor user is in a hex format (ie only contains digits 0-9 and letters a-f).
Is this just a coincidence on my unit or does it perhaps relate to another property of the router?
 :-\

Well I just converted mine from hex values to characters and it is meaningless, consists of all special characters. So I don't believe we will get anywhere looking for a direct comparison, it is likely to have been a fairly random value initially.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG3925-B10B
Pages: 1 2 [3] 4 5