Password unwittingly changed to Cisco1234 on 42 models

Jan 12, 2016 12:50 GMT  ·  By
Cisco discoveres blunder regarding its default password for some server models
   Cisco discoveres blunder regarding its default password for some server models

Cisco, the biggest supplier of networking equipment in the world, has managed to ship servers for seven entire weeks without noticing that they had a different default password for the admin account, The Register notes.

The company, which normally secures all administrative accounts with the "admin/password" combination, has apparently been delivering 42 server models with the "Cisco1234" admin password instead.

Cisco says that this prevented customers from accessing the device's CIMC (Cisco Integrated Management Controller). Customers complained, and Cisco started an investigation.

The company later identified the rogue default password and corrected the issue, so the password that comes coded into the devices is the same as the one included in their technical manuals.

Cisco says that all of the 42 affected server models produced between November 17, 2015, and January 6, 2016, had this issue. All affected models are embedded at the end of this article.

Since Cisco issued a public advisory for this incident, network admins that have this type of equipment in their network are advised to change this default password to something more secure as soon as possible.

Just like in the SYNful Knock attack discovered in September 2015, hackers won't wait long to exploit vulnerabilities.

Since network admins didn't have CIMC access, it is doubtful that any affected equipment was deployed to sensitive infrastructure without being configured in advance, but some may still be online and can be compromised with backdoors before being deployed.

Affected Server Models