Hard coded Cisco password in the Nexus 3K

Started by dlots, March 03, 2016, 08:52:56 AM

dlots

Because Juniper shouldn't have all the fun.

At least this one should already have access to it heavily limited unlike the outside facing VPN stuff Juniper had.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k

NetworkGroover

Jeez - why do vendors even do this????  What's the use case?
Engineer by day, DJ by night, family first always

Otanx

I am guessing it was set up to be used during development so they can get in and debug even if everything is borked, and then forgot about it after. I know a lot of people are thinking it is proof of government backdoors, but I don't think the government would code their backdoor to use telnet.

I give it 48 hours till the login info for this account is public.

-Otanx

dlots

My idea on this is never attribute to malice what can just as easily be attributed to laziness and stupidity.... however if the password happens to be "<<< %s(un='%s') = %u" I am not sure how I will react.

Dieselboy

I have NX3k switches here running version 6.0(2)U4(4) so it looks as though I'm unaffected.

Does anyone know what the credentials are?
:awesome:

dlots

Don't think they are available yet, but I am sure they will be soon.