Slashdot Mirror


Cisco Removes Backdoor Account, Fourth Incident in the Last Four Months (bleepingcomputer.com)

For the fourth time this year, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks. From a report: This time around, the hardcoded password was found in Cisco's Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management. This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon. SNMP stands for Simple Network Management Protocol, an Internet protocol for collecting data about and from remote devices. The community string was there so SNMP servers knowing the string's value could connect to the remote Cisco device and gather statistics and system information about it.
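An added example, not part of the original story and not Cisco's code: a defender-side check that lists SNMPv1/v2c community strings in an SNMP daemon config file and flags any the operator did not configure. It assumes net-snmp style snmpd.conf syntax (the page does not show the WAAS file's format); the sample config, community values and the operator_set parameter are constructed for illustration.

```python
import shlex

# Constructed sample in net-snmp snmpd.conf syntax. The file format, names and
# community values are assumptions; the page shows none of them.
SAMPLE_CONF = """\
# constructed example
rocommunity examplevendorstring
rocommunity monitoring-ro 192.0.2.10
rwcommunity private 192.0.2.0/24
com2sec notConfigUser default public
"""

COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
WELL_KNOWN = {"public", "private"}

def audit_snmpd_conf(text, operator_set=frozenset()):
    """Return (line, community, issues) for every risky SNMPv1/v2c community."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw, comments=True)   # drops '#' comments
        except ValueError:                          # unbalanced quote
            tok = raw.split()
        if not tok:
            continue
        directive, args = tok[0], tok[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
        elif directive in ("com2sec", "com2sec6"):
            args = args[2:] if args[:1] == ["-Cn"] else args  # optional context
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        checks = [
            (community not in operator_set, "not operator-configured"),
            (community.lower() in WELL_KNOWN, "well-known value"),
            (source == "default", "any source allowed"),
            (directive.startswith("rw"), "write access"),
        ]
        issues = [label for hit, label in checks if hit]
        if issues:
            findings.append((lineno, community, issues))
    return findings

if __name__ == "__main__":
    print(audit_snmpd_conf(SAMPLE_CONF, {"monitoring-ro"}))
```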

19 of 51 comments

  1. Fool me once, shame on you... by K.+S.+Kyosuke · · Score: 4, Insightful

    ...fool me four times, I still won't get fired for buying Cisco?

    --
    Ezekiel 23:20
    1. Re: Fool me once, shame on you... by Anonymous Coward · · Score: 1

      Linksys is a Cisco subsidiary....

    2. Re:Fool me once, shame on you... by bill_mcgonigle · · Score: 1

      You'll get fired for buying Cisco in my company but not in the Fortune 500, where blame is paramount to functionality. Cisco sells "blame us" for huge dollar values.

      Speaking of which, are any of the open-platform Linux 10-gig switches under $5K yet?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. Code Reviews by sycodon · · Score: 1

    They aren't an excuse for eating bagels.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re: Code Reviews by johanw · · Score: 1

      It would not be the first time someone released a debug build in the wild.

  3. No news here by Anonymous Coward · · Score: 1

    The string is probably "public."

    1. Re:No news here by shaitand · · Score: 1

      It is news... the pattern suggests someone is actively cleaning house at Cisco.

  4. How can this be so difficult? by Anonymous Coward · · Score: 1

    Certainly these types of things would be picked up by the rigorous and extensive code audit that all firmware at Cisco must undergo before being RTM right?

  5. This sort of thing really gets the wrong spin by shaitand · · Score: 1, Interesting

    Is it good that there were backdoors in the products? Of course not. But a rash of these sorts of incidents being reported in a short time isn't a bad thing; it means someone is reviewing, cleaning house, and being transparent about it, which is actually a good sign going forward. This kind of thing isn't a reason to dump a company or service; it's more like six months ago you should have dumped them and didn't know it, but now they are actually stepping up and whoever you switch to might be hiding all kinds of skeletons.

    1. Re:This sort of thing really gets the wrong spin by klingens · · Score: 1

      It shows Cisco is riddled with incompetent developers who are too stupid to get even the most simple hello world problem: "do not put backdoors in your work" wrong. So it doesn't matter if there is now a single guy on top who goes through all the code and makes them work it over. It means the developers there are too stupid to be trusted with anything. And all those lines by those same stupid developers are still in there. They still made the millions or even billions of LOC in Cisco firmware which Cisco cannot change, since it makes up the value of the company. They cannot change IOS suddenly to something that actually works without NSA backdoors and exploits.

      Also, we haven't heard or seen of any mass firing at Cisco, so these same developers who put in the backdoors last year will write the firmware for the Cisco router you want the public to buy next year.

    2. Re:This sort of thing really gets the wrong spin by AlwinBarni · · Score: 1

      At least Cisco PR is up to the task.
      Wasn't that always someone else (outside the company) finding those backdoors - just saying.

    3. Re:This sort of thing really gets the wrong spin by gravewax · · Score: 1

      Bullshit. There are only 2 conclusions you can draw from this:
      a) CISCO's development process is fundamentally broken and their security vetting so flawed as to be laughably competent or
      b) they are intentionally malicious.
      Neither scenario is good news. These are not standard security flaws that should be expected and discovered.

    4. Re:This sort of thing really gets the wrong spin by AHuxley · · Score: 1

      The brands that buy the product need help often so the backdoor is the only way to help. All part and parcel of working with the modern global internet.
      The NSA demands such support and it has to be done.

      That's the very best way of thinking about it. It's just part of the product line. To help consumer, to help the NSA.

      The next options are much more fun.
      The NSA and other US agencies have placed staff in a lot of big brands who do this code "undercover" and live for every generation of product.
      Other US cyber contractors find the backdoor and report it to the FBI.
      The FBI goes looking for the spies and finds a NSA operation domestically. The FBI looks around and finds a way in.
      The backdoor is removed much later but the FBI cannot comment on the NSA.
      It's all for global police requests. Police in different nations demand such access and backdoors. No backdoor and the export deal fails.
      So every export product ships with a police ready backdoor. Police around the world then allow their own respective gov to use the products.
      The NSA and FBI are happy with that.
      Rather than alert the world to many nations' police deep in every network and computer system, it's just a "backdoor" that is discovered and reported on and nobody really knows much.

      So what's more of a happy ending?
      It's for the consumers for support?
      It's the good NSA? It's the NSA spying and later the FBI?
      It's a lot of police? And a few nations' mil looking for spies in their own nations? GCHQ likes to watch all networks in Ireland too?
      Everyone is winning until the police backdoor is found :)

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:This sort of thing really gets the wrong spin by shaitand · · Score: 1

      Everyone is losing who isn't some flavor of police.

    6. Re:This sort of thing really gets the wrong spin by AHuxley · · Score: 2

      It's amazing all this can stay in place and no users, experts ever really comment over the productive use of product lines. For generations.
      That's some interesting power over publication and research.

      --
      Domestic spying is now "Benign Information Gathering"
  6. C'mon Cisco by DickBreath · · Score: 4, Funny

    Cisco needs to get serious about making its hardcoded back doors less easy to find.

    --

    I'll see your senator, and I'll raise you two judges.
  7. HAW. HAW? ow! by Thud457 · · Score: 1

    probably seineeWerAsreenignErepinuJ

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  8. No need to worry about Kaspersky or Huawei. by technoid_ · · Score: 1

    We don't need Russian or Chinese companies to open Americans' devices to foreign governments, Cisco is doing a good job by themselves.

    --
    Two wrongs don't make a right, but 3 lefts do - Lew of GO magazine
  9. Re:I thought this was standard for SNMP by pnutjam · · Score: 1

    Maybe ok, only on a controlled network. It's certainly not ideal. SNMP supports authentication now and has for over a decade.