Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Cisco: All these routers have the same embedded crypto keys, so update firmware

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 8 Nov 2019 07:21:12 +0000 (UTC)
https://www.zdnet.com/article/cisco-all-these-routers-have-the-same-embedded-crypto-keys-so-update-firmware/

By Liam Tung
ZDNet
November 7, 2019
Security researchers have found that the firmware for several Cisco small-business routers contains numerous security issues.
The problems include hardcoded password hashes as well as static X.509 certificates with the corresponding public-private key pairs and one static Secure Shell (SSH) host key.
The static keys are embedded in the routers firmware and are used for providing HTTPS and SSH access to the affected routers. The issue means all devices with the affected firmware use the same keys.
Cisco admits it was an oversight by its developers, but downplayed the seriousness of the error because the certificates and keys were never intended for shipping products. 

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: