Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Bad News: Default Security Credentials on Cisco Devices

June 29, 2015

Default passwords are not unusual. Cisco has revealed that there are default pre-authorization keys for SSH sessions for some of its network security appliances. Apparently, the default keys were intended for “customer support” purposes. When the bad guys get the keys, their “support” means unauthorized access. Not a good thing. Cisco’s advisory mentions that there are two separate SSH key vulnerabilities for the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv). The good news is that Cisco has released a patch to plug the holes.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com