Because Juniper shouldn't have all the fun.
At least this one should already have access to it heavily limited unlike the outside facing VPN stuff Juniper had.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k
Jeez - why do vendors even do this???? What's the use case?
I am guessing it was setup to be used used during development so they can get in and debug even if everything is borked, and then forgot about it after. I know a lot of people are thinking it is proof of government backdoors, but I don't think the government would code their backdoor to use telnet.
I give it 48 hours till the login info for this account is public.
-Otanx
My idea on this is never attribute to malice what can just as easily be attributed to laziness and stupidity.... however if the password happens to be "<<< %s(un='%s') = %u" I am not sure how I will react.
I have NX3k switches here running version 6.0(2)U4(4) so it looks as though I'm unaffected.
Does anyone know what the credentials are?
:awesome:
don't think they are available yet, but I am sure they will be soon.