web statisticsweb stats Business Phone Systems Tech Talk Forum - VOIP & Cloud Phone Help

Business Phone Systems

Previous Thread
Next Thread
Print Thread
Rate Thread
Page 3 of 4 1 2 3 4
Joined: Oct 2015
Posts: 93
Likes: 2
DonaldR Offline OP
Member
OP Offline
Member
Joined: Oct 2015
Posts: 93
Likes: 2
Update...on the voice mail portion, I'm "In Like Flynn" as is said on EEVBlog.

I hunted around online and found that the ACS Messaging SysAdmin password was set at the factory default......Egads. WTF

Easy for me, and certainly not very secure.

The software level is Partner ACS Version 7.0.42.

I screen saved a Voice Mail Box Report, then reset all of the VM passwords. I'll dig into the capture of messages, or attempting to forward them to my email address via the LAN connection.

Apparently there's at least one voice mail box which had no person's name and voice mails were left it unknown to anyone else, as far back as December of last year I think.

It's not connected to the outside world, as of current since it is most definitely vulnerable to prying touch toners.... computerprobs


"Most people don't have a sense of humor. They think they do, but they don't." --Jonathan Winters
Avaya IP Office Help & Support Website
IP Office Help

Avaya IP Office Help & Support Website


FAQs, documentation, videos, updates, and support for the Avaya IP Office business phone system!
Everything you need to know about installing, upgrading, and troubleshooting IP 500v2 and IPO Server Edition systems.

Joined: Feb 2005
Posts: 12,342
Likes: 3
Member
***
Offline
Member
***
Joined: Feb 2005
Posts: 12,342
Likes: 3
Quote
I hunted around online and found that the ACS Messaging SysAdmin password was set at the factory default......Egads. WTF

No egads. All messaging system have permanent backdoor passwords which were closely guarded secrets until the scumbags on the internet spread them all around. Fortunately that didn't happen until after the Partner system was long discontinued. There had to be a backdoor because there would be no way to get into the system if someone were to change the normal admin password. At this point in time I doubt that anybody knows or cares to hack a Partner messaging system anyway. There are much bigger fish to fry.

So it's really a non issue.

-Hal


CALIFORNIA PROPOSITION 65 WARNING: Some comments made by me are known to the State of California to cause irreversible brain damage and serious mental disorders leading to confinement.
Joined: Oct 2015
Posts: 93
Likes: 2
DonaldR Offline OP
Member
OP Offline
Member
Joined: Oct 2015
Posts: 93
Likes: 2
Originally Posted by hbiss
[quote]No egads. All messaging system have permanent backdoor passwords which were closely guarded secrets until the scumbags on the internet spread them all around. Fortunately that didn't happen until after the Partner system was long discontinued. There had to be a backdoor because there would be no way to get into the system if someone were to change the normal admin password. At this point in time I doubt that anybody knows or cares to hack a Partner messaging system anyway. There are much bigger fish to fry.

So it's really a non issue.

-Hal

I do not believe this to be the Backdoor password I found.

According to @1:42:

Avaya Partner - How to set up Partner Messaging Module from a PC

Using the sysadmin login

The password is "whatever you are using to log in over the phone". Then he explains "If you haven't logged in for the first time yet, just press press enter here".

There was a post on the Tek-Tips board where it is claimed the default password for sysadmin is 123456. In my case this worked.

Partner Messaging Administator Password Reset

Now I am a little confused, is the sysadmin password initially "unset" or is it simply 123456....

There is also an option to change this password which I confirmed, If this is the case, then I don't think this is the "backdoor" access.

There was mention of a voice mail password only being four digits. Under version 7.0 passwords must be 6 to 15 digits.

Partner ACS Voicemail Remote Access

I suppose this may be a very early release of the Messaging software, or there is indeed a vast amount of misinformation out there.


"Most people don't have a sense of humor. They think they do, but they don't." --Jonathan Winters
Joined: Jul 2001
Posts: 3,342
Likes: 10
Moderator-Avaya-Lucent, Antique Tele
*****
Offline
Moderator-Avaya-Lucent, Antique Tele
*****
Joined: Jul 2001
Posts: 3,342
Likes: 10
The Partner Messaging series (R1, R6, and R7) come with the Administrator password unset. On the first login, no matter what you enter as the password followed by #, or even no password and just #, you are prompted that your password is "too short" - because it doesn't exist. Default security settings require a minimum of 6 digits, so the typical lazy installer/programmer will type in 123456 and move on with their day. There ARE backdoor passwords for each version, and they are different and complex. The first thing the customer should do (because ultimately they are the owner of the system and responsible for it) is to change the admin password, keep it in a safe place, and possibly even change the minimum password length to more than 6 digits.

Partner Mail VS is completely different, there is a default Admin password and a backdoor.
Partner Mail has 2 separate Admin passwords, both are required for access. The Admin mailbox extension number can be changed from the default as well. Backdoor access requires the serial number from the disk and a power cycle.
Partner Voice Messaging has a backdoor that will not work on an external call, must be input on site.

Joined: Feb 2005
Posts: 12,342
Likes: 3
Member
***
Offline
Member
***
Joined: Feb 2005
Posts: 12,342
Likes: 3
Quote
Some of our users have the default 1234 passwords. I have just discovered that remote access is enabled by pressing *7 when getting to the greeting prompt. I believe there is a programming code for disabling remote access. I would like to disable remote access while I perform a check of everyone's voicemail passwords. Is this possible?

Ahh, you were talking about the individual mailbox passwords set up by the the employees. As Tommy said, there is no default here either. If they choose 123456 that's on them and there is no way to tell other than trying to log into their mailbox with 123456. The administrator doesn't have access to (can't see) the individual user passwords so he can't "check" them. All the administrator can do is reset a mailbox password to default. Then if he want's to snoop on the messages he is going to have to set a new password same as the user. So the user will know if the admin has been in his mailbox when his password no longer works.

Quote
I have just discovered that remote access is enabled by pressing *7 when getting to the greeting prompt.

This is a separate situation. (*)(7) from outside gets you to the same place (I)(777) does on a system phone- the voice mail greeting. It allows outside users to retrieve their VM messages remotely. You can also get to the messaging system administration if you know how and the admin password- same as in the office.

-Hal


CALIFORNIA PROPOSITION 65 WARNING: Some comments made by me are known to the State of California to cause irreversible brain damage and serious mental disorders leading to confinement.
Joined: Oct 2015
Posts: 93
Likes: 2
DonaldR Offline OP
Member
OP Offline
Member
Joined: Oct 2015
Posts: 93
Likes: 2
Originally Posted by Touch Tone Tommy
The Partner Messaging series (R1, R6, and R7) come with the Administrator password unset. On the first login, no matter what you enter as the password followed by #, or even no password and just #, you are prompted that your password is "too short" - because it doesn't exist. Default security settings require a minimum of 6 digits, so the typical lazy installer/programmer will type in 123456 and move on with their day. There ARE backdoor passwords for each version, and they are different and complex. The first thing the customer should do (because ultimately they are the owner of the system and responsible for it) is to change the admin password, keep it in a safe place, and possibly even change the minimum password length to more than 6 digits.

That makes perfect sense.

Partner Mail VS is completely different, there is a default Admin password and a backdoor.
Partner Mail has 2 separate Admin passwords, both are required for access. The Admin mailbox extension number can be changed from the default as well. Backdoor access requires the serial number from the disk and a power cycle.
Partner Voice Messaging has a backdoor that will not work on an external call, must be input on site.

Requirement of the serial number seems even better. Xerox like many other companies in the computer software business had "key" creation software based on the serial number of the product and a unique identifier which the customer provided.

Thanks for clearing this up! smile


"Most people don't have a sense of humor. They think they do, but they don't." --Jonathan Winters
Joined: Oct 2015
Posts: 93
Likes: 2
DonaldR Offline OP
Member
OP Offline
Member
Joined: Oct 2015
Posts: 93
Likes: 2
Originally Posted by hbiss
Quote
Some of our users have the default 1234 passwords. I have just discovered that remote access is enabled by pressing *7 when getting to the greeting prompt. I believe there is a programming code for disabling remote access. I would like to disable remote access while I perform a check of everyone's voicemail passwords. Is this possible?

Ahh, you were talking about the individual mailbox passwords set up by the the employees. As Tommy said, there is no default here either. If they choose 123456 that's on them and there is no way to tell other than trying to log into their mailbox with 123456. The administrator doesn't have access to (can't see) the individual user passwords so he can't "check" them. All the administrator can do is reset a mailbox password to default. Then if he want's to snoop on the messages he is going to have to set a new password same as the user. So the user will know if the admin has been in his mailbox when his password no longer works.

Quote
I have just discovered that remote access is enabled by pressing *7 when getting to the greeting prompt.

This is a separate situation. (*)(7) from outside gets you to the same place (I)(777) does on a system phone- the voice mail greeting. It allows outside users to retrieve their VM messages remotely. You can also get to the messaging system administration if you know how and the admin password- same as in the office.

-Hal

It seems in Version 7.0.X four digit passwords for mailboxes is not allowed. They must be at least six digits. So I don't know where this other person had it in his head that the mailbox passcode be only four digits.

With Panasonic TVS/TVA, from the outside world it's #6 then *(extension/mailbox number). From there you then enter your pass code to retrieve messages.


"Most people don't have a sense of humor. They think they do, but they don't." --Jonathan Winters
Joined: Feb 2005
Posts: 12,342
Likes: 3
Member
***
Offline
Member
***
Joined: Feb 2005
Posts: 12,342
Likes: 3
Originally Posted by DonaldR
It seems in Version 7.0.X four digit passwords for mailboxes is not allowed. They must be at least six digits. So I don't know where this other person had it in his head that the mailbox passcode be only four digits.

That's what you get for going to an IT forum for phone system information.

-Hal


CALIFORNIA PROPOSITION 65 WARNING: Some comments made by me are known to the State of California to cause irreversible brain damage and serious mental disorders leading to confinement.
Joined: Jul 2001
Posts: 3,342
Likes: 10
Moderator-Avaya-Lucent, Antique Tele
*****
Offline
Moderator-Avaya-Lucent, Antique Tele
*****
Joined: Jul 2001
Posts: 3,342
Likes: 10
Oh, you can have 4 digit passwords. You can even have NO passwords. But out of the box, 6 is the minimum length. Once you have created the Administrator's password and can access the system, you can then change the minimum password length to anything from 0 to 15 digits

Joined: Oct 2015
Posts: 93
Likes: 2
DonaldR Offline OP
Member
OP Offline
Member
Joined: Oct 2015
Posts: 93
Likes: 2
Originally Posted by hbiss
Originally Posted by DonaldR
It seems in Version 7.0.X four digit passwords for mailboxes is not allowed. They must be at least six digits. So I don't know where this other person had it in his head that the mailbox passcode be only four digits.

That's what you get for going to an IT forum for phone system information.

-Hal


Ha ha ha! Good one! smiley-bounce


"Most people don't have a sense of humor. They think they do, but they don't." --Jonathan Winters
Page 3 of 4 1 2 3 4

Link Copied to Clipboard
Forum Statistics
Forums84
Topics94,262
Posts638,697
Members49,757
Most Online5,661
May 23rd, 2018
Popular Topics(Views)
211,112 Shoretel
187,717 CTX100 install
186,810 1a2 system
Newest Members
BPopilek, Rich F, LewisR, TDKs79, Buttinset
49,757 Registered Users
Top Posters(30 Days)
dexman 18
Toner 11
TDKs79 7
pvj 4
jc2it 4
Who's Online Now
2 members (justbill, Curlycord), 55 guests, and 422 robots.
Key: Admin, Global Mod, Mod
Contact Us | Sponsored by Atcom: One of the best VoIP Phone Canada Suppliers for your business telephone system!| Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers. Sundance Phone System Forums - VOIP & Cloud Phone Help
©Copyright Sundance Communications 1998-2024
Powered by UBB.threads™ PHP Forum Software 7.7.5