ROFL Cisco again

wintermute000 · June 26, 2015, 11:51:43 PM

http://arstechnica.com/security/2015/06/two-keys-to-rule-them-all-cisco-warns-of-default-ssh-keys-on-appliances/

this is almost as funny as that time Sun shipped that version of Solaris with a hidden root account (or something like that) with a common PW

what the heck were they thinking??? Sure build a vendor support mechanism but for pete's sake it has to be authorised by the client/key set by the client, surely

deanwebb · June 27, 2015, 08:56:53 AM

This is not going to help them move security gear, I can tell you that right now.

And, yes, having those pre-inserted keys will make support much easier because, basically, YOU ARE COMPROMISING THE SECURITY OF THE SECURITY DEVICE THAT YOU SOLD. Idiots!

NetworkGroover · June 28, 2015, 11:59:05 AM

Slick.

deanwebb · July 02, 2015, 11:59:42 AM

Quote from: wintermute000 on June 26, 2015, 11:51:43 PM
this is almost as funny as that time Sun shipped that version of Solaris with a hidden root account (or something like that) with a common PW

http://www.hackbusters.com/news/stories/347058-cisco-ucdm-platform-ships-with-default-static-password

^ And this is even more like that, because it is.

srg · July 02, 2015, 12:32:48 PM

Quote from: deanwebb on July 02, 2015, 11:59:42 AM
Quote from: wintermute000 on June 26, 2015, 11:51:43 PM
this is almost as funny as that time Sun shipped that version of Solaris with a hidden root account (or something like that) with a common PW

http://www.hackbusters.com/news/stories/347058-cisco-ucdm-platform-ships-with-default-static-password

^ And this is even more like that, because it is.

There are others as well, that's been using the same static root password (linux based appliance) for years.

ROFL Cisco again

wintermute000

deanwebb

NetworkGroover

deanwebb

srg