logo

Technical statement

Statement on Pierre Kim Revealing Security Vulnerabilities in C-data OLT products

 

We have noticed an article named “Multiple vulnerabilities found in C-Data OLTs” published in Github. C-Data admires the work of two professionals in technological circles, Pierre Kim and Alexandre Torres, and thanks for their identifying security breach problems through detailed testing, as well as for their active work in reducing the risks of users using network products. C-Data adheres to the philosophy of serving customers, and always puts customers’ interests in the first place, as well as pays special attention to the product safety problems. In this way, C-Data can provide customers with products with safety guarantee.

In the meantime, we have paid attention to some press releases published by the media, and have interpreted technical articles by Pierre Kim and Alexandre Torres. In order not to let the majority of customers misunderstand the safety design of our equipment, C-Data analyzes and clarifies the mentioned technical issues with a sincere and frank manner.

 

Excluding counterfeit products

 图片1

 

The account mentioned in this article: panger123/suma123. We have investigated the account and the password. In addition, we have confirmed that the account and password are not from the C-Data OLT products, but are those used by other companies and people when they copy the C-Data OLT. The CLI style and most of its commands of the counterfeited OLT are all copied from the C-Data OLT. C-Data  OLT equipment is now widely used around the world, and counterfeiters copy C-Data OLT for illegal profits.

According to the following screenshot, we can completely compare and analyze that the account of panger123/suma123 comes from an illegally copied OLT.

[Replica command line style and version information]

图片2

 

[C-Data FD11XX series OLT version information and command line style]

图片3

 

If you use the account of panger123/suma123, you can never access C-Data OLT. The following figure shows the information interception of the failed attempt to log into the C-Data OLT with panger123/suma123 account.

图片4

This article analyzes the problem regarding “Authentication process with hardcoded credentials”. The demonstration indicates that we log into the bcm-shell of OLT and receive the key information of OLT with the telnet method. The relevant information all comes from the replica, instead of the C-Data OLT. In the screenshots, the account and password information marked in red is that of the fakes.

图片5

图片6
Introduction to several factory setting accounts

  1. The following two telnet login accounts and passwords mentioned in this article are actually used on the C-Data’s first generation OLT (OLT starting withFD11XX):

OLT telnet account 1: debug/debug124

OLT telnet account 2: root/root126

 

This account and password are mainly used by C-Data to assist customers in debugging problems and writing production parameters. (OLT mac address information and SN information, etc.)

 

This account must be successfully logged in to the CONSOLE port by a local serial line on the OLT, then can entering the OLT bcm-shell mode to modify and view key information of the OLT. Use this accout under OLT TELENT mode, we can only enter the CLI of the device, can not entering OLT bcm-shell modify the key information of OLT.

 

If attacks want to enter the bcm-shell mode of OLT to obtain device privacy information or implant malicious programs into OLT, they must log into OLT by directly connecting the serial port line of the computer locally. In this way, by no means can the remote attackers use these two accounts to attack.

 

Therefore, there is no such situation as “Backdoor Access with telnet”.

 

In addition, as regards these two accounts, C-Data has revealed to the required customers without reservation. A common use of customers happens when they need to modify the MAC address.

 

[The following figure shows how to log into C-Data OLT remotely with debug/debug124 and root/root126, and how to attempt to enter the shell mode prompt. In addition, OLT prompt only supports entering bcm-shell under the direct connection of CONSOLE.]

图片7
Another usage scenario of debug/debug124 and root/root126 is when C-Data provides remote technical support at the request of customer. All C-Data’s remote access obtained customer’s consent after consultation with customers. When operating, the operator need to log in to the customer’s computer remotely, then log in to the device using the local serial ports of these two accounts, and work with the customer for positioning analysis of network problems in this way. Customer’s technicians will participate in and supervise the process of technical services throughout the process.

As for whether there is an issue where an attacker logs into the CLI using these two accounts through TELNET and then changes the configuration of the OLT, resulting in network security problems, we will further explain it in the security policy later.

OLT telnet Account3:guest/[empty]

The account and password are the account of factory default configuration, which can only check some basic information of OLT, and without having the authority to configure any OLT. The user can delete or modify the account as needed when using it.

 

  1. Solution: As the FD11XX series OLT is the first generation models of C-DataOLT, the account and password rules of which are not fully considered. The default password is fixed and too simple, which may be taken advantage by criminals. C-Datawill immediately update and release the software version of this OLT product. In the latest version, the debugging account will no longer adopt the general fixed password, and the password will be generated by a special password generation tool according to the unique identification code bound to the device. If there is no unique identification code information of the device or password generation tool, the password cannot be obtained.

 

More Secure Cryptographic Mechanism

For other models of C-Data OLTs(OLT named FD15XX, FD16XX, FD12XX, FD8000), the problem of “Backdoor Access with telnet” does not exist, because these OLTs adopt a more secure cryptographic mechanism. The device is configured with several general accounts by factory default, including root/admin, admin/admin and guest/guest, which can be used by customers to initially configure OLT. Customers need to create, delete and modify the login account and password of the device according to their own security policies when using the device. We do not recommend using the factory default username and password in the operation network.

The device retains a debugging account for assisting customers in debugging and solving problems, and this account can also be used by customer to find the forgotten password when they forget the login password of OLT. However, the account no longer uses the general password, and the password is calculated and generated according to the unique identification information of the customer’s OLT. Only when the customer provides the information of unique identification code in conjunction with the special password generation tool can the password be generated. The password of each OLT is different, which will better ensure the safety of the device.

 

The Requirement of WEB Login Management

The user name and password displayed in this article are actually the needs of numerous users. The account and password are the login user name and password in the web management interface of OLT. As many customers feedback that some of their junior maintenance personnel may easily forget login the username and password  of OLT’s WEB management interface, and hope that higher-level managers can query the username and password of the WEB through OLT CLI, we provide this command at the customer’s request, so that customers can check the login username and password of the WEB by themselves through the command line. We believe that the customer can formulate an effective security management system, properly manage the use of usernames and passwords to avoid the risk of using this command.

图片8

 

 

Security strategies and suggestions

  1. The article introduces several schemes that can be used to attack the C-DataOLT after knowing the account and password of C-Data’s “Backdoor Access with telnet” from the perspective of network security risks. C-Databelieves that the majority of customers have a set of measures suitable for their own defense against cyber-attack. The following will list the common measures to defend against cyber-attack on the customer’s side. These measures can protect the OLT from the following attack means mentioned in the article:

* Escape shell with root privileges

* Pre-Auth Remote DoS

* Credentials infoleak and credentials in clear-text (HTTP)

* Weak encryption algorithm

* Insecure management interfaces

 

Defense Strategy 1: In general network planning, all OLT management VLANs and service VLANs on the client-side are different. If the management VLAN used by the attacker is incorrect, this kind of planning makes it impossible to access the OLT equipment from the network-side of the OLT (uplink) or the user side (downlink to ONU).

图片9

 

Defense strategy 2: OLT is used as an access layer device. For many small and medium-sized ISPs, OLT is usually deployed on the intranet of its network. When the intranet goes to the public network, it will pass through the router or firewall device. Services such as telnet and http are disabled on the router and firewall equipment; Those who access the OLT are employees who have access to the OLT in the customer’s intranet; Indeed, if there are other personnel who need to access the OLT device in the intranet via the public network, they need to do port forwarding on the router or firewall, and only the customer knows the forwarding rules, so it is difficult for the attacker to obtain information and carry out attack.

 

Defense strategy 3: The OLT of C-Data has made a lot of control strategies, which are set by the customers themselves, and it can completely prevent network attackers from illegally logging into the device:

OLT configuring strategy 1:

It can be controlled by the OLT’s system access-control to allow certain specific IP addresses or mac to access the OLT device configured by the customer and is completely unknown to others.

图片10

OLT configuring  strategy 2:

The OLT’s outband acess can be turned on or off by the customer. Customers can turn off outband management and use inband management. In this case, device management is achieved through a dedicated management channel separated from business data, thus the network security is higher.

图片11

 

 

OLT configuring strategy 3:

OLT’s Web access port can be modified by the customer and can be closed and opened by the customer.

图片12

 

OLT configuring strategy 4:

The OLT can be configured with a perfect acl function to prevent the device from being attacked easily.

图片13

图片14

 

Conclusion

The article by Pierre Kim and Alexandre Torres did summarize in detail, and seriously tests C-Data’s device from the perspective of security vulnerabilities. The original intention of the original article was to feedback security vulnerabilities in the device, so that technicians and users notice security risks and carry out effective security precautions, not the meaning of “OLT device backdoor” when the media relayed the dissemination, and should not be interpreted as C-Data intentionally left a backdoor on the product. C-Data expects that products will give customers the best experience and make it more convenient for them to use the device. C-Data has the ability to help customers better establish defense strategies in cyber security. C-Data also welcomes all parties to put forward reasonable suggestions, so that C-Data device can give more consideration to customers’ safety issues and confusion when using the device under the premise of providing convenience and practicality to customers. Thank you!

 

 

 

 

Apendix:

Original source of the document:

https://pierrekim.github.io/blog/2020-07-07-C-Data-olt-0day-vulnerabilities.html
图片17

 

Online Media Reprint:

https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
图片16

 

 

 

 

 

 

IMG_4144-2

C-DATA 2020 New Year Party Report

Time flies, C-Data’s first decade is a thing of the past.

In the past ten years, there have been hardships and joys. Everyone has been working hard and finally made what C-Data is today.

On January 4, 2020, all the staff of Shenzhen C-Data Technology Co., Ltd. and industry guests who have been accompanying and supporting C-Data, more than 500 people gathered in Nanrong Hotel to enjoy the C-Data 2019 Commendation Conference and the 2020 New Year Party.

IMG_4144-2

Mr. Tsui Yunliang, the general manager of the company, gave a speech at the beginning and shared the company’s development history and future plans. We have encountered setbacks in the past ten years, but never give up, In the coming 2020, we will also be full of passion to proceed and make a good start for the next decade.

IMG_4150

Success comes from the effort of every employee. This year we have set up many awards to commend excellent employees. The awards include Best New Employee、Progressive Star, Excellent Employee、Excellent Leader、Excellent Team、Great Diligence and Model Worker.

There are such a group of people rooted in various departments of the company, some are like screws, some are the mainstay, and they all have a rock-solid and immovable faith to escort the company’s growth. Therefore, in this year, C-Data specially set up Memorial Award and Rock Award for employees who have served the company for 5 years and 8 years respectively.

IMG_4189

The staff also conscientiously prepared the show to perform at this time. Dances, songs, comedies, and other performances have been brilliantly presented, which bring the audience cheers and applause. In particular, the management team also prepared a wonderful melodrama. Thanks for those who squeezed time in rehearsing the show, and present us wonderful performances and surprises!

IMG_4274

Dance

IMG_4231

Villain Dance

IMG_4289

Melodrama

After the show, it was a thrilling lucky draw and games sessions. There were more than 300 prizes of various kinds. Excitedly, the leadership continuously sponsored the lottery,which brought more applause, cheers and screams. Games sessions took place during the lucky draw and everyone was actively interacted, showing the joy and harmony of the big family, C-Data. The whole party lasted seven hours, and it was full of joyous atmosphere from the beginning till the end.

IMG_4134

We survived from the hardships of starting a business and experienced the challenging growth. In 2020, let us sail again and create a new chapter!

CIOE

C-Data exhibits at 2019 CIOE

On September 4-7th , 2019, the 21st CIOE Expo was held as scheduled at the Shenzhen Convention and Exhibition Center. CIOE is the world’s largest photoelectric professional exhibition, bringing together many related technologies such as optical communication exhibition, laser technology and intelligent manufacturing exhibition, infrared technology and application exhibition. Read more

cdata 十周年庆 (2)

Start From now on again

19th, August is a very special day for C-Data employees, which is the 10th anniversary of the C-Data. New Start means new journey. In order to celebrate this important day and achieve further goals, we went to Qingyuan city to have a exciting party and Meaningful training with the whole team. Read more

COMMWORLD

Welcome to visit C-Data at COMMWORLD 2019

Dear Customers,

The COMMWORLD 2019 will be held from August 15 to 17, 2019 at SMX Convention Center Manila. C-Data is located in booth J01 , welcome to visit us there. Read more

ANGACOM

Welcome to visit C-Data at ANGACOM2019

Dear Customers,

ANGACOM is Europe’s most professional Exhibition in Telecommunication and Media industry for Broadband, Cable & Satellite. ANGACOM 2019 will be held from 04th to 06th June in Cologne, Germany. We sincerely invite you and your company representatives to visit us.
Read more

CCBN LOGO 400-400

Welcome to visit C-Data at CCBN2019

Dear Customers,

The China Content Broadcasting Network 2019 will be held from March 21 to 23, 2019 at China International Exhibition Center (CIEC) Beijing, China. C-Data is located in Hall 2B booth 301 , welcome to visit us there. Read more

C-Data new year party

C-DATA 2019 New Year Party Report

Time flies, and it is the New Year celebration!On January 19, Shenzhen C-DATA Technology Co., Ltd. solemnly hosted the 2018 Commemoration Conference and the 2019 New Year’s Evening Party with the theme of “Connecting Hearts Together, Raising Sails to the Far”, with more than 500 participants from all walks of life accompanying and supporting the company’s development. Read more

shengdan

Merry Christmas

 Merry Christmas

May your Christmas be filled with special moment, warmth, peace and happiness, the joy of covered ones near, and wishing you all the joys of Christmas and a year of happiness.

——C-Data