An internal document listing the backdoor accounts for switches manufactured by networking equipment vendor Allied Telesis was circulating online Friday, a day after an internal support page providing instructions on accessing hard coded back door accounts in the company's products was found to be publicly accessible.
The Excel spreadsheet, "Password_List" was apparently downloaded from Allied's support Web site and posted to a public, file sharing Web site on Thursday. It contains instructions for accessing around 20 models of network switching equipment manufactured by Allied Telesis, including default administrative user name and password information and special key combinations and passwords that can be used to enable back door features in the switches.
The spreadsheet was one of four documents accessible from an Allied Telesis support page containing instructions on enabling back doors. The page was marked for internal use only, but ended up visible to the public Internet. While some of the switches listed in the document have hard coded back door account passwords, many have dynamic passwords that are based on the MAC address of the hardware and require a separate password generator application to create. The password generator application was also available from the support page and has also been leaked online.
Continued : http://threatpost.com/en_us/blogs/vendors-list-backdoor-accounts-leaked-online-052711
Also: Allied Telesis divulges secret backdoor