A Fifth Undocumented Cisco Backdoor Has Been Discovered (bleepingcomputer.com)
Cisco released 25 security updates Wednesday, including a critical patch removing an undocumented password for "root" accounts of Cisco Policy Suite (sold to ISPs and large corporate clients). "The vulnerability received a rare severity score of 9.8 out of a maximum of 10 on the CVSSv3 scale," reports Bleeping Computer.
An anonymous reader quotes Tom's Hardware: Over the past few months, not one, not two, but five different backdoors joined the list of security flaws in Cisco routers.... In March, a hardcoded account with the username "cisco" was revealed. The backdoor would have allowed attackers to access over 8.5 million Cisco routers and switches remotely. That same month, another hardcoded password was found for Cisco's Prime Collaboration Provisioning software, which is used for remote installation of Cisco's video and voice products. Later this May, Cisco found another undocumented backdoor account in Cisco's Digital Network Architecture Center, used by enterprises for the provisioning of devices across a network. In June, yet another backdoor account was found in Cisco's Wide Area Application Services, a software tool for Wide Area Network traffic optimization...
Whether or not the backdoor accounts were created in error, Cisco will need to put an end to them before this lack of care for security starts to affect its business.
I can only assume that Cisco has moved on from selling to the engineering teams to selling to the C-suite. That's the only explanation I can come up with for a company with multiple back-doors found in their products still being able to make sales.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
No one falls on their sword these days, or even admits anything because: lawyers. And no one gets fired.
After all, one is a mistake, three is a bit more than oopsy-doo, and five? Well, five is: "We never did give a shit. Are my stock options ready yet? This junior coder gig has to pay me at least something."
---- Teach Peace. It's Cheaper Than War.
Most of these came from a massive code review Cisco has been doing through their entire software codebase, which across all their products is truly massive. They found a good number of flaws, and honestly these backdoor accounts mostly look like debugging features left in inadvertently.
No. Just fucking no.
There is no reason. NO REASON to put a hard-coded default username/password into any software or hardware. None. Not even for "debugging" purposes. A retarded 12-year-old who has never seen a computer could understand that this is a really stupid idea.