Cisco, haven't we learned anything? (technician reset)
Scott Morris
swm at emanon.com
Thu Jan 12 18:28:37 UTC 2006
Many products have default STARTING passwords. Whose fault is it that
someone can't figure out that it's not real bright if they don't change it?
The hidden ones are more an issue (with static passwords as opposed to
generated ones).
Scott
PS. If your briefcase still uses 0000 as the combination, I have no
sympathy for your missing items... ;)
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Jared Mauch
Sent: Thursday, January 12, 2006 12:39 PM
To: Rob Thomas
Cc: NANOG
Subject: Re: Cisco, haven't we learned anything? (technician reset)
On Thu, Jan 12, 2006 at 10:53:32AM -0600, Rob Thomas wrote:
>
> Hi, Matthew.
>
> ] Cisco Router and Security Device Manager (SDM) is installed on this
device.
> ] This feature requires the one-time use of the username "cisco"
> ] with the password "cisco".
>
> Interesting. Is it limited to one-time use? Are the network login
> services (SSH, telnet, et al.) prevented from using this login and
> password?
I know the AP350 comes with a default Cisco/Cisco account..
(as opposed to doing a nvram/config clear and it only lets you login
on console).
problem is with cisco each product group controls how they ship
their system, so the Aironet teams don't quite seem to get this IMHO. That
doesn't mean your 76k/GSR/CRS-1 will have Cisco/Cisco, but your aironet
products sure may.
- jared
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
More information about the NANOG
mailing list