Cisco today released a security advisory announcing that some of Cisco's IronPort virtual appliance products contain multiple default SSH keys. To quote:
A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software
could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.
Oh, good thing it's only root. You had me worried there for a second :). Interestingly, there was a somewhat similar Cisco advisory one year ago (on CUCDM) where a default SSH key was also present, and equally led to root privileges. Searching for default credentials on Cisco
To Cisco's credit, they seem to have found today's SSH key problem on their own, before it was abused, so maybe this is a sign of better times to come, and evidence that after all these years, someone at Cisco has actually started to systematically audit their entire code base for the presence of default credentials. Or maybe it was just a lucky find, and the stellar 10-year track record of default credential security bulletins will continue for another decade? Time will tell...
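A defender-side check for the same class of problem, as an added example that is not from the original diary or from Cisco: it fingerprints every key in collected `authorized_keys` files and reports keys that appear on more than one appliance or on a blocklist of vendor-default fingerprints. The host names, the sample key blobs and the `known_default` parameter are constructed assumptions; the advisory text quoted here gives no fingerprints.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def sample_blob(key_type, filler):
    """Constructed stand-in for a key blob: wire-format type string + filler bytes."""
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + filler
    return base64.b64encode(raw).decode()

def fingerprint(raw):
    """SHA256 fingerprint in the form ssh-keygen -l prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")

def parse_key_line(line):
    """Return (key_type, raw_blob, comment) or None; tolerates leading options."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            raw = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A real key blob starts with its own type name, length-prefixed.
        (n,) = struct.unpack(">I", raw[:4]) if len(raw) >= 4 else (0,)
        if n and raw[4:4 + n] == fields[i].encode():
            return fields[i], raw, " ".join(fields[i + 2:])
    return None

def audit(hosts, known_default=frozenset()):
    """Map fingerprint -> hosts for keys shared across hosts or on the blocklist."""
    seen = defaultdict(set)
    for host, text in hosts.items():
        for line in text.splitlines():
            if line.lstrip().startswith("#"):
                continue
            parsed = parse_key_line(line)
            if parsed:
                seen[fingerprint(parsed[1])].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1 or fp in known_default}

# Constructed sample input: two appliances sharing one support key.
SHARED = sample_blob("ssh-rsa", b"\x01" * 32)
UNIQUE = sample_blob("ssh-ed25519", b"\x02" * 32)
SAMPLE_HOSTS = {
    "appliance-a": f"ssh-rsa {SHARED} support@vendor\n",
    "appliance-b": f'command="echo ssh-rsa hi",no-pty ssh-rsa {SHARED} support@vendor\n'
                   f"ssh-ed25519 {UNIQUE} admin@site\n",
}

if __name__ == "__main__":
    for fp, hosts in audit(SAMPLE_HOSTS).items():
        print(fp, "present on", ", ".join(hosts))
```

A key that is identical across independently deployed appliances was shipped in the image rather than generated at install time, which is the condition the advisory describes.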
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.