Cisco Removes Backdoor Account, Fourth in the Last Four Months
For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.
This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management.
Making matters worse, this SNMP community string is hidden from device owners, even from the ones with an admin account, meaning they couldn't have located it on their own during regular security audits. "This string can not be discovered or disabled without access to the root filesystem, which regular administrative users do not have under normal circumstances," Blair says.
But while it took Blair root access to spot the hidden SNMP creds, they don't require root access to be exploited, and anyone knowing the string can retrieve stats and system info from affected devices.
|Cisco Removes Backdoor Account, Fourth in the Last Four Months