Information Security News mailing list archives
Cisco: All these routers have the same embedded crypto keys, so update firmware
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 8 Nov 2019 07:21:12 +0000 (UTC)
https://www.zdnet.com/article/cisco-all-these-routers-have-the-same-embedded-crypto-keys-so-update-firmware/ By Liam Tung ZDNet November 7, 2019Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues.
The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key.
The static keys are embedded in the routers firmware and are used for providing HTTPS and SSH access to the affected routers. The issue means all devices with the affected firmware use the same keys.
Cisco admits it was an oversight by its developers, but downplayed the seriousness of the error because the certificates and keys were never intended for shipping products.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Cisco: All these routers have the same embedded crypto keys, so update firmware InfoSec News (Nov 07)