I found a user automatically created from anonymous account
Antares3000
Posts: 26 Freshman Member
in Security
In my log I found this:
username:zyxelmd, usertype:admin, action:create. (Account: )
I checked in the users section and I really found the new user zyxelmd.
I checked all the other logs available and I didn't find any other login account. Nobody entered the configuration settings. There is only one admin user configured and it has 2 forms of authentication.
I also disabled the VPN connection. I deleted this user but I got it another 2 times.
What is happening?
It is a very strange issue.
I'm worried it could be a firewall bug...
Can you let me know please?
I'm using ATP700
Regards
Claudio
1
All Replies
-
Same. Two days ago Flex200 fw. 5.21 new unknown user (security issue?)
2022-05-17 09:33:53, , , alert ,user ,CONFIG CHANGE , , , , username:system, usertype:admin, action:create. (Account: )
Next day in log (same) new username: zyxelmd
But this user (zyxelmd) is not listed in users and the saved config; only username:"system" is seen in the config.
And the firewall is not accessible via https web, and ssl vpn is unusable (needs a local reboot).
I see the config file changes, changes: new (unknown) user, and new line cloud-helper set remind never
After I change the ports https, ssl vpn, now reload "old" config, and upgrade fw to 5.30
Any tips or advice?
Thank you
Regards
Peter
0 -
Hi @Antares3000 @Pnagy,
We usually suggest keeping the firmware up to date due to security issues.
Please kindly upgrade to the latest firmware.
Note: Security Advisory
Kevin
0
-
I found on 5.20 usg50 flex the zyxelmd and system users in the configuration file. One was created 19-5-2022 and the other 17-5-2022.
Admin password is not breached. Please tell how to proceed.
0 -
Hi @AnonymousBusiness,
Please kindly upgrade the firmware to 5.30.
You can also find the Security Advisory.
Thank you
Kevin
0 -
Hello!
I have the same problem on flex500. All ports were changed, but I found them over ssh.
I found users "zyxelmd" and "system", which were made on 16 May 2022. All were deleted.
My users were not changed.
0 -
Hi @AG_DM,
Please kindly upgrade your firewall to ZLD5.30 asap.
Feel free to contact us if you have concerns.
Kevin
0
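A log check for the event reported in this thread, as an added example that is not part of any post and is not Zyxel code: it flags account-creation entries where no acting account is recorded or where a new admin account is not on an allowlist. The function name, the allowlist and every sample line except the first (quoted from the thread) are assumptions, including the `(Account: admin)` form for a change made by a logged-in administrator.

```python
import re

# Line 1 is the entry quoted in the thread; the other lines are constructed samples.
# Assumption: a change made by a logged-in admin is logged as "(Account: admin)".
SAMPLE_LOG = """\
2022-05-17 09:33:53, , , alert ,user ,CONFIG CHANGE , , , , username:system, usertype:admin, action:create. (Account: )
2022-05-18 10:02:11, , , alert ,user ,CONFIG CHANGE , , , , username:zyxelmd, usertype:admin, action:create. (Account: )
2022-05-18 11:15:40, , , alert ,user ,CONFIG CHANGE , , , , username:helpdesk, usertype:user, action:create. (Account: admin)
2022-05-18 11:20:05, , , alert ,user ,CONFIG CHANGE , , , , username:backupadm, usertype:admin, action:create. (Account: admin)
"""

# Matches the message tail shown in the thread, with or without leading columns.
EVENT_RE = re.compile(
    r"username:(?P<username>[^,]*),\s*usertype:(?P<usertype>[^,]*),\s*"
    r"action:(?P<action>\w+)\.\s*\(Account:\s*(?P<actor>[^)]*)\)"
)
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def find_suspicious_creations(log_text, known_admins=frozenset({"admin"})):
    """Return one finding per account-creation entry that needs review."""
    findings = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m or m["action"] != "create":
            continue
        user = m["username"].strip()
        reasons = []
        if not m["actor"].strip():
            # The entry names no account as the one that made the change.
            reasons.append("no acting account recorded")
        if m["usertype"].strip() == "admin" and user not in known_admins:
            reasons.append("admin account not on allowlist")
        if reasons:
            ts = TS_RE.match(line)
            findings.append({"time": ts.group(0) if ts else None,
                             "username": user, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_creations(SAMPLE_LOG):
        print(f["time"], f["username"], "; ".join(f["reasons"]))
```

Run it against an exported log and compare any flagged usernames with the user list and the saved configuration file, since one reply reports an account that appeared in the log but not in the user list.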