Security bugs on console servers
All those bugs were discovered during a research in 2005 (German) on console servers.
Most of them are fixed or supposedly fixed by now. Upgrade your firmware.
acs-ssl.retrieval.txt: pulling RSA PRIVATE KEY from a Cyclades ACS *)
acs.cyclades.ssldump.txt: using this SSL key to sniff HTTPS session (watch out for line containing the
avocent-sshbug.txt: circumventing port-based user ACL's on an Avocent CCM
mrv-sshbug.txt: circumventing port-based user ACL's on an MRV In-Reach by SSH public key authentication
rari-problems.txt: 1) no password for uid sshd and dominion, 2) world readable /etc/shadow, 3) world writeable /bin/busybox *)
scs.nmap.txt: not an immediate problem, but what has nmap to do on a console server?
slc-problems.txt: Lantronix' SLC suffered 1) from the fact that SSH private keys were under doc-root of web server (and mini_httpd doesn't care about ACL's), 2) logfiles are publicy viewable since they are under doc-root, too *)
Issues marked w/ *) means: only n/w access needed, no credentials.