http://arstechnica.com/security/2015/06/two-keys-to-rule-them-all-cisco-warns-of-default-ssh-keys-on-appliances/
this is almost as funny as that time Sun shipped that version of Solaris with a hidden root account (or something like that) with a common PW
what the heck were they thinking??? Sure build a vendor support mechanism but for pete's sake it has to be authorised by the client/key set by the client, surely
This is not going to help them move security gear, I can tell you that right now.
And, yes, having those pre-inserted keys will make support much easier because, basically, YOU ARE COMPROMISING THE SECURITY OF THE SECURITY DEVICE THAT YOU SOLD. Idiots!
Slick. :problem?:
Quote from: wintermute000 on June 26, 2015, 11:51:43 PM
this is almost as funny as that time Sun shipped that version of Solaris with a hidden root account (or something like that) with a common PW
http://www.hackbusters.com/news/stories/347058-cisco-ucdm-platform-ships-with-default-static-password
^ And this is even more like that, because it is.
Quote from: deanwebb on July 02, 2015, 11:59:42 AM
Quote from: wintermute000 on June 26, 2015, 11:51:43 PM
this is almost as funny as that time Sun shipped that version of Solaris with a hidden root account (or something like that) with a common PW
http://www.hackbusters.com/news/stories/347058-cisco-ucdm-platform-ships-with-default-static-password
^ And this is even more like that, because it is.
There are others as well, that's been using the same static root password (linux based appliance) for years.