
SoylentNews is people

posted by n1 on Friday July 04 2014, @11:26AM   Printer-friendly
from the certified-by-cisco dept.

Cisco's Unified Communications Domain Manager software can be logged into at a root level using an SSH key intended for Cisco support representatives. The key is embedded in the binary and it's the same key for every installation of the software. According to Cisco, this is in every version of UDM older than 4.4.2. Better check and apply patches, posthaste!

Isn't it about thirty years late for anyone, especially Cisco, to think leaving permanent root-level backdoors in systems is a good idea?
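The flaw described above is a credential shipped inside the product: a private key embedded in a binary, identical on every installation, paired with a root login. Two defender-side checks follow from that description, and this added example (not Cisco's code and not from the SoylentNews story) implements both: a scan for PEM private-key headers in files under an installation tree, and a comparison of an `authorized_keys` file against an allowlist of key blobs the operator actually issued. All file contents, key blobs and the allowlist are constructed for illustration.

```python
"""Added example: detect shipped private keys and unexpected authorized_keys
entries. Sample files and key blobs below are constructed, not real."""
import re
import tempfile
from pathlib import Path

# PEM headers that mark private-key material. A hit inside a shipped binary
# or package means the same secret exists on every copy of that software.
PRIVATE_KEY_MARKERS = (
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN DSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
    b"-----BEGIN PRIVATE KEY-----",
)


def find_embedded_private_keys(root, chunk=1 << 20):
    """Return paths (relative to root) of regular files containing a PEM
    private-key header. Files are read in chunks with an overlap so a header
    that straddles a chunk boundary is still found."""
    root = Path(root)
    overlap = max(len(m) for m in PRIVATE_KEY_MARKERS) - 1
    hits = []
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            with path.open("rb") as f:
                tail = b""
                while True:
                    data = f.read(chunk)
                    if not data:
                        break
                    buf = tail + data
                    if any(m in buf for m in PRIVATE_KEY_MARKERS):
                        hits.append(str(path.relative_to(root)))
                        break
                    tail = buf[-overlap:]
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)


# One authorized_keys line: optional options field, key type, base64 blob.
AUTHORIZED_KEY_RE = re.compile(
    r"^(?:\S+\s+)?(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-\S+)\s+(\S+)")


def unexpected_authorized_keys(authorized_keys_text, allowed_blobs):
    """Return (line_no, key_type, blob) for every key whose blob is not in
    allowed_blobs. Unparseable lines are reported too, since a line the
    operator cannot account for is itself a finding."""
    findings = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = AUTHORIZED_KEY_RE.match(line)
        if not m:
            findings.append((n, "unparsed", line))
            continue
        ktype, blob = m.group(1), m.group(2)
        if blob not in allowed_blobs:
            findings.append((n, ktype, blob))
    return findings


# Constructed sample: one key the operator issued, one "support" key they did not.
AUTHORIZED_KEYS_SAMPLE = """# constructed sample authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5ConstructedAdminKey admin@example
no-pty,command="/bin/false" ssh-rsa AAAAB3NzaC1yc2EConstructedSupportKey support@vendor
"""
ALLOWED_BLOBS = {"AAAAC3NzaC1lZDI1NTE5ConstructedAdminKey"}


def demo():
    """Build a constructed install tree in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        # Constructed "binary" with a PEM header buried among other bytes.
        (root / "bin" / "support-agent").write_bytes(
            b"\x7fELF" + b"\x00" * 64
            + b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...constructed...\n"
            + b"\x00" * 16)
        (root / "bin" / "clean-tool").write_bytes(b"\x7fELF" + b"\x00" * 64)
        embedded = find_embedded_private_keys(root)
    unexpected = unexpected_authorized_keys(AUTHORIZED_KEYS_SAMPLE, ALLOWED_BLOBS)
    return {"embedded_keys": embedded, "unexpected_keys": unexpected}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The header scan is a coarse filter, not proof of a backdoor: vendors legitimately ship test fixtures and example keys, so each hit needs a human to decide whether the key can authenticate to anything. The `authorized_keys` comparison is the stronger control, because it answers the question the story raises directly: is there a key on this host that we did not put there?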

  • (Score: 4, Informative) by LookIntoTheFuture on Friday July 04 2014, @11:34AM

    by LookIntoTheFuture (462) on Friday July 04 2014, @11:34AM (#64096)
    • (Score: 4, Informative) by LookIntoTheFuture on Friday July 04 2014, @11:50AM

      by LookIntoTheFuture (462) on Friday July 04 2014, @11:50AM (#64102)
      • (Score: 3, Interesting) by egcagrac0 on Friday July 04 2014, @01:17PM

        by egcagrac0 (2705) on Friday July 04 2014, @01:17PM (#64135)

        Wholly useful features, if you're an ISP and might be legally compelled to allow or provide LEAs with a wiretap.

        I don't log into SmartNet enough anymore to check if there are non-LI firmware versions readily available, although the link seems to imply that there might be.

    • (Score: 2) by BsAtHome on Friday July 04 2014, @12:07PM

      by BsAtHome (889) on Friday July 04 2014, @12:07PM (#64110)

      Access to the router/switch allows for full management, that is nothing new.

      But, who leaves SNMP open to world+dog? That is a misconfiguration and a stupidity. As the 'M' in SNMP states, it is a management protocol and therefore inherently dangerous. Leaving that part open or accessible can only show severe lack of design abilities and a complete disregard of best practice.

      • (Score: 2) by ticho on Friday July 04 2014, @12:47PM

        by ticho (89) on Friday July 04 2014, @12:47PM (#64126) Homepage Journal

        SSH and SNMP are two different things. Nowhere in the article, nor in the grandparent's link have I found any mentions of SNMP.

      • (Score: 2) by TheGratefulNet on Friday July 04 2014, @02:37PM

        by TheGratefulNet (659) on Friday July 04 2014, @02:37PM (#64164)

        snmp on cisco rarely has write access. in fact, the new IETF direction is to make MIBs read-only from now on.

        ssh != snmp and snmp is rarely a security problem. snmp fetches counters (mostly) and that's not anywhere close to 'logging in'.

        you did mean ssh. snmp is ok ;)

        --
        "It is now safe to switch off your computer."
        • (Score: 4, Insightful) by frojack on Friday July 04 2014, @07:38PM

          by frojack (1554) on Friday July 04 2014, @07:38PM (#64291) Journal

          Read the "Better Link" posted above.

          The admin function (running on the mediation device) issues SNMPv3 set and get requests to the router's CISCO-TAP2-MIB to set up and initiate a lawful intercept.

          Since these devices are internet facing, and accept snmp commands from the internet interface, you pretty well have to have a router ahead of your router to block snmp.

          --
          No, you are mistaken. I've always had this sig.
  • (Score: 4, Insightful) by Anonymous Coward on Friday July 04 2014, @11:36AM

    by Anonymous Coward on Friday July 04 2014, @11:36AM (#64097)

    I smell payola from a three letter agency. It may have been explained to employees that this was the reasoning for leaving this back door, but it's not like Cisco hires a bunch of day laborers from Home Depot. So during the 30 years, when someone competent spotted the flaw and raised a flag, they either got told to STFU in order to keep their job, or got promoted to keep them quiet. Their new salary bump courtesy of a TLA.

    • (Score: 0) by Anonymous Coward on Friday July 04 2014, @01:57PM

      by Anonymous Coward on Friday July 04 2014, @01:57PM (#64150)

      And then we wonder why other nations are not so hot on getting more cisco shit...

  • (Score: 2) by WizardFusion on Friday July 04 2014, @02:38PM

    by WizardFusion (498) on Friday July 04 2014, @02:38PM (#64165) Journal

    How long before that SSH key is in the wild? A week at the most, maybe.

  • (Score: 3, Funny) by Horse With Stripes on Friday July 04 2014, @02:52PM

    by Horse With Stripes (577) on Friday July 04 2014, @02:52PM (#64174)

    This is totally safe. This login info isn't widely known, it's not available on the internet and no one is going to share that key. Come on people, the honor system is why hard coding username/password pairs has worked from the beginning of time. And anyway, why would someone want to get into a network device like this ... and if they do what are the chances that the person expressing their curiosity intends to do anything but look around a little and mark it off their bucket list? I mean really, what could possibly go wrong?