
Secret backdoor found in networking gear perfect for government espionage - kushti
https://www.theregister.co.uk/2019/05/02/cisco_vulnerabilities/
======
theamk
> .. allow an unauthenticated, remote attacker to connect to the affected
> system with the privileges of the root user.

> The vulnerability is due to the presence of a default SSH key pair that is
> present in all devices.

That's quite a bug -- I expected to see obscure exploit deep in the networking
code which masterfully bypasses all code hardening, but found a default
credentials instead. This is the kind of mistake that a random IoT company
would do, I would not expect this from Cisco.

------
java-man
I don't understand how this could happen in 2019. There were multiple people
involved who coded, reviewed, tested the code, signed off on the release.

The other possible explanation is that it's intentional.

