Hacker News new | past | comments | ask | show | jobs | submit login

Given the number of times that a hard-coded password has been distributed on Cisco gear, yeah, I think it points to a cultural failure.



That happened 15 years ago dude, on Linksys gear. The first CVE on that list is probably older than a few of the commenters on this thread.


A cursory internet search reveals several that popped up within the past decade on Cisco's gear. Hard-coded passwords are table stakes, if that slips through, what else is lurking beneath the surface?

Network hardware is to operate in the adversarial landscape which is the open internet. It requires an extreme, exhaustive workflow to ensure bugs do not slip through. That we repeatedly see these failures does not raise confidence.

- 2016-01 https://tools.cisco.com/security/center/content/CiscoSecurit...

- 2018-03 https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-2018...

- 2018-10 https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-2018...

- 2019-07 https://tools.cisco.com/security/center/content/CiscoSecurit...

Edit: formatting




The deadline for YC's W25 batch is 8pm PT tonight. Go for it!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: