
| Subject: | [ISN] Default passwords on Cisco messaging, security products could pose risks, vendor warns |
|---|---|
| Date: | Thu, 16 Dec 2004 01:02:25 -0600 (CST) |

http://www.nwfusion.com/news/2004/1215ciscosecurity.html

[Can I get a collective DUH?!? - WK]

By Phil Hochmuth
Network World Fusion
12/15/04

Cisco this week warned that default passwords on some of its unified messaging and attack-detection products could allow unauthorized users to gain administrative access to the respective devices.

Certain versions of Cisco's Unity unified messaging server and its Cisco Guard and Traffic Anomaly Detector products ship with common administrative account logons and passwords for each respective product. Unauthorized users with these accounts and passwords could gain administrative access to the products, allowing them to change settings and configurations, or divert traffic on the respective devices.

Unity is a server software product that integrates IP-based voicemail with Microsoft Exchange and Lotus Notes e-mail servers. When deployed with Microsoft Exchange, the software ships with several default user name/password combinations that would give someone administrative access. These accounts include the following names, followed by an underscore "_" and the server's name:

* Eadmin
* UNITY_
* UAMIS_
* UOMNI_
* UVPIM_
* Esubsubscriber

Cisco says that someone logging into a Unity server with these accounts could read incoming and outgoing messages on the Unity server, as well as change configurations of how messages are routed. These default account/password combinations are in Unity versions 2, 3, and 4. Cisco says users should change the default passwords on these default accounts. A software fix is not necessary.

The Cisco Guard and Traffic Anomaly Detector products, introduced this June, are security appliances used to detect potential denial-of-service traffic and divert the traffic to a non-critical network segment where it can be monitored and analyzed. Certain software versions on these appliances ship with default logon "root" and a password that is the same on all systems.

Someone logging in as "root" on these devices could change configurations on the box, redirect traffic to other network segments, or simply deactivate the device, which would allow DoS attack traffic to enter a network undetected.

Cisco says users should change the default "root" password on the affected appliances. Users can also upgrade to version 3.1 or later of the Cisco Guard and Cisco Traffic Anomaly Detector software, which asks users to choose a "root" password during installation.

More information on each of these security notices can be found here [1] and here [2].

[1] http://www.cisco.com/en/US/products/products_security_advisory09186a008037cd59.shtml#summary
[2] http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0c5.shtml

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/