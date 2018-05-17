
Security

Hardcoded Password Found in Cisco Enterprise Software, Again (bleepingcomputer.com) 19

Posted by msmash from the security-woes dept.
Catalin Cimpanu, writing for BleepingComputer: Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that's aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network. This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results.


  • Who the Fuck is Writing the Shit? (Score:3, Funny)

    by sycodon ( 149926 ) on Thursday May 17, 2018 @05:38PM (#56629276)

    Are they using overseas programmers?

    Is this another success of outsourcing?

    • No, this is the NSA, CIA, FBI, DHS, etc etc etc doing their part in making the world less safe.

      But don't worry, they were only going to use it responsibly, and as you have nothing to hide it's all good....

      These are not the exploits you are looking for.......

  • Again (Score:1)

    by Anonymous Coward

    There are automated tools to find this stuff. So why?

    • A tool that automates will by definition find a repeat of a previous (similar, if smart enough) action. A new programmer, placing in the root password in a new chunk of code, can still do it in so many ways as to be undetectable.

  • These passwords were either left there purposefully or accidentally. If they were left there purposefully it may have been done either with or without Cisco's knowledge.

    There is no combination of available possibilities that can be justified by acceptable behavior from a network security hardware vendor of this stature. Either they are effectively completely incompetent or they're effectively completely malicious.

    • The only "default password" should be to log into an unboxed device or application, and be REQUIRED to change it before proceeding further. DONE! Solves that problem. Move on

    • Either they are effectively completely incompetent or they're effectively completely malicious.

      We're talking about Cisco here. What makes you think it's an either/or choice?

  • This is why we continue to have these problems (Score:3, Interesting)

    by Anonymous Coward on Thursday May 17, 2018 @05:53PM (#56629342)

    The company discovered many backdoors and hardcoded accounts in the past two years as part of internal audits and has received some pretty unfair criticism for its efforts.

    WTF WTF WTF WTF.

    Unfair criticism? You've got to be shitting me.

    The company discovered many backdoors and hardcoded accounts in the past two years as part of internal audits

    And where did these backdoors come from? Aliens? NO, YOU PUT THEM THERE!

  • oh, "We're Agile we don't need no stinkin' QA"
