Slashdot Mirror


Hardcoded Password Found in Cisco Enterprise Software, Again (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: Cisco released 16 security advisories yesterday, including alerts for three vulnerabilities rated "Critical" and which received a maximum of 10 out of 10 on the CVSSv3 severity score. The three vulnerabilities include a backdoor account and two bypasses of the authentication system for Cisco Digital Network Architecture (DNA) Center. The Cisco DNA Center is a piece of software that's aimed at enterprise clients and which provides a central system for designing and deploying device configurations (aka provisioning) across a large network. This is, arguably, a pretty complex piece of software, and according to Cisco, a recent internal audit has yielded some pretty bad results.

8 of 70 comments

  1. Who the Fuck is Writing the Shit? by sycodon · Score: 3, Funny

    Are they using overseas programmers?

    Is this another success of outsourcing?

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Who the Fuck is Writing the Shit? by sit1963nz · Score: 4, Interesting

      No, this is the NSA, CIA, FBI, DHS, etc. etc. etc. doing their part in making the world less safe.

      But don't worry, they were only going to use it responsibly, and as you have nothing to hide it's all good....

      These are not the exploits you are looking for.......

    2. Re:Who the Fuck is Writing the Shit? by AHuxley · Score: 2

      Welcome to PRISM.

      --
      Domestic spying is now "Benign Information Gathering"
  2. Again by Anonymous Coward · Score: 2, Informative

    There are automated tools to find this stuff. So why?

  3. Irrefutable facts. by Narcocide · Score: 4, Insightful

    These passwords were either left there purposefully or accidentally. If they were left there purposefully it may have been done either with or without Cisco's knowledge.

    There is no combination of available possibilities that can be justified by acceptable behavior from a network security hardware vendor of this stature. Either they are effectively completely incompetent or they're effectively completely malicious.

    1. Re:Irrefutable facts. by scdeimos · Score: 4, Funny

      "Either they are effectively completely incompetent or they're effectively completely malicious."

      We're talking about Cisco here. What makes you think it's an either/or choice?

  4. This is why we continue to have these problems by Anonymous Coward · Score: 4, Interesting

    "The company discovered many backdoors and hardcoded accounts in the past two years as part of internal audits and has received some pretty unfair criticism for its efforts."

    WTF WTF WTF WTF.

    Unfair criticism? You've got to be shitting me.

    "The company discovered many backdoors and hardcoded accounts in the past two years as part of internal audits"

    And where did these backdoors come from? Aliens? NO, YOU PUT THEM THERE!

  5. FTFY by glowworm · Score: 2

    To: All AmericanTLA
    From: Cisco CEO

    Recently we discovered three vulnerabilities that have meant the unfortunate discovery of one of the many NSA hidden administrative accounts and two of the security bypass accounts for hidden use by the FBI and CIA.

    We here at Cisco want to assure our most important customers that we take the discovery of your backdoors very seriously. We are now sending out a patch to the enterprise muppets that includes a new backdoor on port 6969 with the username/password pair admin:nimda.

    Cisco values our AmericanTLA customers greatly and wants to assure you that this unfortunate defect in our backdoor enabling program was only a minor exposure. There were still many hundreds of your usable backdoors undiscovered and at no time was your ability to access private data reduced or compromised.

    God Bless America.
    Chuck
    CEO Cisco

    --
    Orationem pulchram non habens, scribo ista linea in lingua Latina