nanog mailing list archives

Re: Cisco, haven't we learned anything? (technician reset)

From: "william(at)elan.net" <william () elan net>
Date: Thu, 12 Jan 2006 17:08:36 -0800 (PST)

Actually, and fairly recently, this IS a default password in IOS. Newout-of-box 28xx series routers have cisco/cisco installed as the defaultpassword with privilege 15 (full access). This is a recent development.


This is hardly only cisco's problem. Most office routers I've dealt with
also come with default username/password and on occasions when I dealt
with  existing installation those passwords have rarely been changed.

What should really be done (BCP for manufactures ???) is have default
password based on unit's serial number. Since most routers provide this
information (i.e. its preset on the chip's eprom) I don't understand

why its so hard to just create simple function as part of software touse this data if the password is not otherwise set.


--
William Leibzon
Elan Networks
william () elan net

Current thread:

Re: Is my router owned? How would I know?, (continued)
- - - Re: Is my router owned? How would I know? Joseph S D Yao (Jan 13)
    - Re: Is my router owned? How would I know? Mikael Abrahamsson (Jan 12)
    - Re: Is my router owned? How would I know? Alexei Roudnev (Jan 14)
    - Re: Is my router owned? How would I know? Mikael Abrahamsson (Jan 14)
    - Re: Is my router owned? How would I know? Alexei Roudnev (Jan 14)
    - Re: Cisco, haven't we learned anything? (technician reset) Brett Frankenberger (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Bill Nash (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) John Kinsella (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Gary E. Miller (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset)y Martin Hannigan (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset)y Steven M. Bellovin (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset)y eric (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset)y Martin Hannigan (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset)y Steven M. Bellovin (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Gadi Evron (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) eric (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Martin Hannigan (Jan 12)

(Thread continues...)