[c-nsp] TIL: Maintenance Operations Protocol (MOP)

Drew Weaver drew.weaver at thenap.com
Fri Aug 6 12:00:26 EDT 2021


AAA was unconfigured as I was testing on a lab router.

Whether or not it provides unauthorized access depends on whether you expect anyone that has something connected to that router to have access to the console or not.

At the very least it provides an opportunity and a vector.

It doesn't seem to log anything when you use it, either.

-----Original Message-----
From: Oliver Boehmer (oboehmer) <oboehmer at cisco.com> 
Sent: Friday, August 6, 2021 11:48 AM
To: Gert Doering <gert at greenie.muc.de>; Lukas Tribus <lukas at ltri.eu>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] TIL: Maintenance Operations Protocol (MOP)


    On Fri, Aug 06, 2021 at 02:00:30PM +0200, Lukas Tribus wrote:
    > I'm no longer putting in hundreds of hours to fight losing battles,
    > which earlier in my career I did:
    > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140828-CVE-2014-3347

    Ensuring that MOP is dead and stays buried might actually be worth a
    PSIRT effort - any feature that is on-by-default and enables unauthorized
    access to a device should be worth the fight.

+1, and worth a PSIRT case right away. 
But it doesn't provide unauthorized access, does it? Drew's test showed a password prompt (not sure what the AAA config looked like).

	oli


