
posted by martyb on Friday March 09 2018, @08:46PM
from the Cisco-Phencyclidine? dept.

Cisco released 22 security advisories yesterday, including two alerts for critical fixes, one of them for a hardcoded password that can give attackers full control over a vulnerable system.

The hardcoded password issue affects Cisco's Prime Collaboration Provisioning (PCP), a software application that can be used for the remote installation and maintenance of other Cisco voice and video products. Cisco PCP is often installed on Linux servers.

Cisco says that an attacker could exploit this vulnerability (CVE-2018-0141) by connecting to the affected system via Secure Shell (SSH) using the hardcoded password.

The flaw can be exploited only by local attackers, and the account it grants access to is a low-privileged one. In spite of this, Cisco has classified the issue as "critical."

Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.9, which is normally assigned a Security Impact Rating (SIR) of Medium, there are extenuating circumstances that allow an attacker to elevate privileges to root. For these reasons, the SIR has been set to Critical.

The reason is that an attacker who has compromised another device on the same network can use it as a proxy for the SSH connection to the vulnerable Cisco PCP instance, which turns a local-only flaw into one that can be exploited remotely over the Internet.
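The attack chain described above (an SSH login with a fixed password to a low-privileged account, followed by escalation to root) is something a defender can watch for in host logs. The script below is an added detection example, not code from the article or from Cisco; the host name, account name, addresses and log lines are constructed placeholders, and it assumes sshd and sudo write standard syslog-format lines.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd/sudo syslog lines (not from the page or Cisco); the host name,
# account name and addresses are placeholders.
SAMPLE_LOG = """\
Mar  9 20:01:12 pcp01 sshd[2210]: Accepted publickey for admin from 10.0.0.5 port 50211 ssh2: RSA SHA256:aaaa
Mar  9 20:03:40 pcp01 sshd[2291]: Accepted password for svcacct from 10.0.0.77 port 41022 ssh2
Mar  9 20:04:05 pcp01 sudo: pam_unix(sudo:session): session opened for user root by svcacct(uid=0)
Mar  9 21:30:00 pcp01 sshd[2400]: Accepted password for svcacct from 10.0.0.77 port 41100 ssh2
"""

SSH_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Accepted (\w+) for (\S+) from (\S+) port \d+")
ROOT_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo: pam_unix\(sudo:session\): "
                     r"session opened for user root by (\S+?)\(")

def _ts(text):
    # Syslog timestamps carry no year; all lines are assumed to be from the same year.
    return datetime.strptime(text, "%b %d %H:%M:%S")

def find_password_login_to_root(log_text, window_seconds=600):
    """Return alerts for SSH *password* logins (the path a hardcoded credential
    takes) that are followed within `window_seconds` by a sudo session as root
    for the same account. Public-key logins are never flagged."""
    recent = {}   # account -> list of (login_time, source_ip)
    alerts = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            when, method, user, src = m.groups()
            if method == "password":
                recent.setdefault(user, []).append((_ts(when), src))
            continue
        m = ROOT_RE.match(line)
        if m:
            when, user = m.groups()
            root_at = _ts(when)
            for login_at, src in recent.get(user, []):
                if timedelta(0) <= root_at - login_at <= timedelta(seconds=window_seconds):
                    alerts.append({"user": user, "src": src,
                                   "login_at": login_at, "root_at": root_at})
    return alerts

if __name__ == "__main__":
    for a in find_password_login_to_root(SAMPLE_LOG):
        print(f"password SSH login for {a['user']} from {a['src']} escalated to root "
              f"{(a['root_at'] - a['login_at']).seconds}s later")
```

On the sample above only the second login is flagged: it used a password and was followed 25 seconds later by a root session for the same account, while the public-key login and the later password login without escalation are ignored.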

Source: https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-software/


  • (Score: 4, Insightful) by bob_super on Friday March 09 2018, @08:56PM (11 children)

    by bob_super (1357) on Friday March 09 2018, @08:56PM (#650223)

    Too bad TFA doesn't show the password.

    Add that one, carved on a stone tablet, to the growing pile of things to throw at the face of anyone who would entrust backdoor keys to any entity.

  • (Score: 1) by Ethanol-fueled on Friday March 09 2018, @09:02PM (7 children)

    by Ethanol-fueled (2792) on Friday March 09 2018, @09:02PM (#650228) Homepage

    It's CIA passwords.

    FIGHT THEM! They will kill you if they don't succeed!

    • (Score: 2) by insanumingenium on Friday March 09 2018, @09:16PM (6 children)

      by insanumingenium (4824) on Friday March 09 2018, @09:16PM (#650233) Journal

      Come on Ethy, Hanlon's razor isn't going to steer us wrong here.

      • (Score: 1) by Ethanol-fueled on Friday March 09 2018, @10:18PM (5 children)

        by Ethanol-fueled (2792) on Friday March 09 2018, @10:18PM (#650264) Homepage

        Cisco devices are subject to ITAR, for some reason.

        Cisco devices have hardcoded backdoors that NSA and China know about because it's okay for China to steal American secrets as long as they're fattening American congressmens' wallets by buying property at a huge markup while fucking the rest of the American population. You and I in the military industrial complex know that all Chinks are stealing our secrets. Trump! Stop Chinese citizens from being employed with us! Stop them from owning American property!

        What a fucking national security joke. Trump! Drain the Chinese fifth-columnist swamp! They are stealing our military secrets wholesale!

        • (Score: 2) by insanumingenium on Friday March 09 2018, @10:26PM (4 children)

          by insanumingenium (4824) on Friday March 09 2018, @10:26PM (#650269) Journal

          ITAR, is a completely shitty law, how they think they can legislate mathematics as a weapon has never made sense to me, but it absolutely doesn't involve mandatory backdoors. It just involves not shipping "weapons" to forbidden countries. As someone who has actually shipped ITAR controlled products I can tell you it is a rubber stamp process.

          • (Score: 1, Informative) by Ethanol-fueled on Friday March 09 2018, @10:40PM (3 children)

            by Ethanol-fueled (2792) on Friday March 09 2018, @10:40PM (#650280) Homepage

            It is a rubber-stamp process. But you are not American. I am. We will destroy you.

            • (Score: 3, Funny) by insanumingenium on Friday March 09 2018, @10:56PM (2 children)

              by insanumingenium (4824) on Friday March 09 2018, @10:56PM (#650290) Journal

              Riiiight, guess I will have to turn in my passport, guns, and pet bald eagle now.

              • (Score: 3, Funny) by LoRdTAW on Saturday March 10 2018, @01:28AM (1 child)

                by LoRdTAW (3755) on Saturday March 10 2018, @01:28AM (#650326) Journal

                You forgot bacon, or are you one of "those" people?

                • (Score: 2) by insanumingenium on Monday March 12 2018, @03:38PM

                  by insanumingenium (4824) on Monday March 12 2018, @03:38PM (#651370) Journal

                  Nah, both the Brits and Canadians love bacon too (though neither of them is talking about exactly the same bacon).

                  You can take my pork from my cold dead hands μολὼν λαβέ.
  • (Score: 2, Funny) by Anonymous Coward on Friday March 09 2018, @09:27PM

    by Anonymous Coward on Friday March 09 2018, @09:27PM (#650236)

    Too bad TFA doesn't show the password.

    I bet the password is "hunter2".

  • (Score: 3, Funny) by drussell on Friday March 09 2018, @09:43PM (1 child)

    by drussell (2678) on Friday March 09 2018, @09:43PM (#650244) Journal

    LOL... yeah, I was going to say....

    "Was it 123456?" :)