Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cisco found using default SSH keys leaving many security appliances wide open

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    4 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Harvy66
      last edited by

      http://it.slashdot.org/story/15/06/26/1929217/cisco-security-appliances-found-to-have-default-ssh-keys

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        You beat me by 2 minutesĀ  ;D

        _Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

        This bug is about as serious as they come for enterprises. An attacker who is able to discover the default SSH key would have virtually free reign on vulnerable boxes, which, given Cisco's market share and presence in the enterprise worldwide, is likely a high number. The default key apparently was inserted into the software for support reasons.

        "The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user," Cisco said_

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66
            last edited by

            And the government thinks they can do better with backdoors. Security, it's a process and all it takes is one flaw.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.