Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
schneierBruce SchneierSCHNEIER:7BD43F33CAB668D3E025142A42381D90
HistoryOct 11, 2023 - 11:04 a.m.

Cisco Can’t Stop Using Hard-Coded Passwords

2023-10-1111:04:53
Bruce Schneier
www.schneier.com
14
cisco
vulnerability
hard-coded passwords
root account
emergency responder
JSON

There's a new Cisco vulnerability in its Emergency Responder product:

> This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

This is not the first time Cisco products have had hard-coded passwords made public. You'd think it would learn.

JSON