Hard coded Cisco password in the Nexus 3K

Started by dlots, March 03, 2016, 08:52:56 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

dlots

March 03, 2016, 08:52:56 AM
Because Juniper shouldn't have all the fun.

At least this one should already have access to it heavily limited unlike the outside facing VPN stuff Juniper had.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k

NetworkGroover

#1
March 03, 2016, 11:19:47 AM
Jeez - why do vendors even do this????  What's the use case?
Engineer by day, DJ by night, family first always

Otanx

#2
March 03, 2016, 12:50:47 PM
I am guessing it was setup to be used used during development so they can get in and debug even if everything is borked, and then forgot about it after. I know a lot of people are thinking it is proof of government backdoors, but I don't think the government would code their backdoor to use telnet.

I give it 48 hours till the login info for this account is public.

-Otanx

dlots

#3
March 03, 2016, 12:52:51 PM Last Edit: March 03, 2016, 12:54:53 PM by dlots
My idea on this is never attribute to malice what can just as easily be attributed to laziness and stupidity.... however if the password happens to be "<<< %s(un='%s') = %u" I am not sure how I will react.

Dieselboy

#4
March 03, 2016, 07:39:47 PM
I have NX3k switches here running version 6.0(2)U4(4) so it looks as though I'm unaffected.

Does anyone know what the credentials are?
:awesome:

dlots

#5
March 04, 2016, 08:58:14 AM
don't think they are available yet, but I am sure they will be soon.
Print
Go Up Pages1
User actions