Cisco's Unified Communications Domain Manager software can be logged into at a root level using an SSH key intended for Cisco support representatives. The key is embedded in the binary and it's the same key for every installation of the software. According to Cisco, this is in every version of UDM older than 4.4.2. Better check and apply patches, posthaste!
Isn't it about thirty years late for anyone, especially Cisco, to think leaving permanent root-level backdoors in systems is a good idea?
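The defensive check the summary invites is to find out whether one and the same key authorises root on every appliance you run. The script below is an added example, not Cisco's code and not taken from the advisory: it parses `authorized_keys` text collected from each host, computes OpenSSH-style SHA256 fingerprints, and reports any key shared across more than one host; the host names and key blobs are constructed sample data.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def fingerprint(key_field: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_field)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str):
    """Yield (key_type, base64_blob, comment) per usable line; blank and '#' lines
    are skipped, and leading options (restrict, command="...") are stepped over by
    locating the key-type token."""
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        for i, tok in enumerate(parts):
            if tok in KEY_TYPES and i + 1 < len(parts):
                yield tok, parts[i + 1], " ".join(parts[i + 2:])
                break

def shared_root_keys(root_keys_by_host: dict) -> dict:
    """Map fingerprint -> sorted hosts for every key that authorises root on more
    than one host. A key present on every appliance is the 'same key for every
    installation' pattern the summary describes."""
    seen = {}
    for host, text in root_keys_by_host.items():
        for _, blob, _ in parse_authorized_keys(text):
            seen.setdefault(fingerprint(blob), set()).add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def _fake_key(label: bytes) -> str:
    # Constructed sample: an ed25519-shaped blob whose key bytes derive from label.
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(label).digest()
    return base64.b64encode(blob).decode()

# Constructed sample: root authorized_keys contents from three hypothetical appliances.
SAMPLE = {
    "udm-a": f"ssh-ed25519 {_fake_key(b'vendor-support')} support\n"
             f"ssh-ed25519 {_fake_key(b'admin-a')} admin@a\n",
    "udm-b": f"# local admin\nssh-ed25519 {_fake_key(b'admin-b')} admin@b\n"
             f"ssh-ed25519 {_fake_key(b'vendor-support')} support\n",
    "udm-c": f'restrict,command="/bin/true" ssh-ed25519 {_fake_key(b"vendor-support")} support\n',
}

if __name__ == "__main__":
    for fp, hosts in shared_root_keys(SAMPLE).items():
        print(f"{fp} authorises root on {len(hosts)} hosts: {', '.join(hosts)}")
```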
Cisco Thinks it's Still the 1980s: Backdoor 'Support Rep' Access Hardcoded in UDM Software
(Score: 4, Informative) by LookIntoTheFuture on Friday July 04 2014, @11:34AM
http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/ht_ssi.html [cisco.com]
(Score: 4, Informative) by LookIntoTheFuture on Friday July 04 2014, @11:50AM
http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/12-2SR/configuration/lawful_intercept/lawful-int--Book-Wrapper/76LIch1.html#wp1027590 [cisco.com]
(Score: 3, Interesting) by egcagrac0 on Friday July 04 2014, @01:17PM
Wholly useful features, if you're an ISP and might be legally compelled to allow or provide LEAs with a wiretap.
I don't log into SmartNet enough anymore to check if there are non-LI firmware versions readily available, although the link seems to imply that there might be.
(Score: 2) by BsAtHome on Friday July 04 2014, @12:07PM
Access to the router/switch allows for full management, that is nothing new.
But, who leaves SNMP open to world+dog? That is a misconfiguration and a stupidity. As the 'M' in SNMP states, it is a management protocol and therefore inherently dangerous. Leaving that part open or accessible can only show severe lack of design abilities and a complete disregard of best practice.
(Score: 2) by ticho on Friday July 04 2014, @12:47PM
SSH and SNMP are two different things. Nowhere in the article, nor in the grandparent's link have I found any mentions of SNMP.
(Score: 2) by TheGratefulNet on Friday July 04 2014, @02:37PM
snmp on cisco rarely has write access. in fact, the new IETF direction is to make MIBs read-only from now on.
ssh != snmp and snmp is rarely a security problem. snmp fetches counters (mostly) and that's not anywhere close to 'logging in'.
you did mean ssh. snmp is ok ;)
"It is now safe to switch off your computer."
(Score: 4, Insightful) by frojack on Friday July 04 2014, @07:38PM
Read the "Better Link" posted above.
Since these devices are internet facing, and accept snmp commands from the internet interface, you pretty well have to have a router ahead of your router to block snmp.
No, you are mistaken. I've always had this sig.
(Score: 4, Insightful) by Anonymous Coward on Friday July 04 2014, @11:36AM
I smell payola from a three letter agency. It may have been explained to employees that this was the reasoning for leaving this back door, but it's not like Cisco hires a bunch of day laborers from Home Depot. So during the 30 years, when someone competent spotted the flaw and raised a flag, they either got told to STFU in order to keep their job, or got promoted to keep them quiet. Their new salary bump courtesy of a TLA.
(Score: 0) by Anonymous Coward on Friday July 04 2014, @01:57PM
And then we wonder why other nations are not so hot on getting more cisco shit...
(Score: 2) by WizardFusion on Friday July 04 2014, @02:38PM
How long before that SSH key is in the wild? A week at the most, maybe.
(Score: 3, Funny) by Horse With Stripes on Friday July 04 2014, @02:52PM
This is totally safe. This login info isn't widely known, it's not available on the internet and no one is going to share that key. Come on people, the honor system is why hard coding username/password pairs has worked from the beginning of time. And anyway, why would someone want to get into a network device like this ... and if they do what are the chances that the person expressing their curiosity intends to do anything but look around a little and mark it off their bucket list? I mean really, what could possibly go wrong?