Thread regarding Cisco Systems Inc. layoffs

Cisco warns of backdoor admin account in Smart Licensing Utility

https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/

I am no security expert, but the number of products with high severity vulnerabilities seems concerning to me, especially when “hackers … breach government networks worldwide.”

Is this normal?

1358 views | 14 replies
Post ID: @OP+1umBoGR9

14 replies (most recent on top)

You really have to wonder. Customers are just now discovering that a big new feature was launched in the latest 24.3.1 release. It was, at least for a limited number of platforms. But for one of our most important router families, it was in the configuration guides and the release notes, but nope. Not supported. No CLI for it. Zippo.
Very angry customers.

Post ID: @4qjb+1umBoGR9

This company isn't going to change until they are forced to.
I always have a laugh when a company who sells security products is breached by something that exploited their own poor security posturing.

Post ID: @4pfn+1umBoGR9

you want to bet this is some offshore dev with minimal skills, dirt pay, and no incentive to do great work who decided it was a good idea to commit credentials to code just to make their dev life easier?

a real devop would have known better.
you never, ever commit credentials to a production code branch, if not any code branch period.

see what offshoring your devs for dirt pay gets you cisco?
you compensate good hard working people, they do good work. not like this guy

Post ID: @3idq+1umBoGR9

Cisco should stop disclosing so much

Post ID: @2eon+1umBoGR9

But don't worry - we're building an inclusive future for all. So inclusive that everyone's invited onto our products because we don't have good security.

Post ID: @2plj+1umBoGR9

Like how does that even get through code review?

The use of white space was to the liking of the reviewer.

Post ID: @1nbo+1umBoGR9

Maybe we need to update the Cisco Development Process to include security reviews and milestones??
Oh, wait, we did that about 6 years ago!!

Post ID: @1vbi+1umBoGR9

Cisco - the software company 🤣

Post ID: @1ptr+1umBoGR9

Like how does that even get through code review?

Post ID: @1uhv+1umBoGR9

This is so sad and embarrassing for the entire company. Hard-coded credentials that are baked into the service? Lmao.

Post ID: @1zsa+1umBoGR9

CSLU is a joke and nobody uses it. It was built on Windows (what were they smoking) and is used for offline air-gap license registration. Just use the cloud Smart license registration, and avoid all that on-prem CSLU or CSSM garbage unless you have lots of time to burn and a high tolerance for pain. I tell customers to avoid those like the plague. If your switches can reach the Internet directly, then use an HTTPS proxy server for cloud licensing.

Post ID: @1bkn+1umBoGR9

This is very bad.
Cisco, get your act together. Nobody wants you to have a SolarWinds-like event.

Post ID: @1wyq+1umBoGR9

This happens when a company goes down the layoff path. Key contributors put in these backdoor hacks as a way to acknowledge goodbye.

Post ID: @1lrf+1umBoGR9

Yet another example of quality software development.

Post ID: @eoa+1umBoGR9
