Posted on 03/04/2016 6:59:10 PM PST by Utilizer
Cisco has issued a patch for its Nexus 3000 series and Nexus 3500 platform switches to remove a hardcoded password for a user account which would allow attackers full remote access.
In a security advisory, Cisco said the account "could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash [command] shell access."
Remote access is possible via Telnet, or by Secure Shell on a specific release of the NX operating system. Serial console access locally is also possible.
Cisco said the account is created during installation on the devices and cannot be changed or removed without affecting system functionality.
The company suggested administrators disable the Telnet server on the Nexus devices as a workaround and use SSH instead.
(Excerpt) Read more at itnews.com.au ...
Kind of silly .. if you care at all about security you always disable telnet
Ive worked with Nexus 2, 5 and 7 k
Exactly.
And if you have any sense, you disable password authentication in ssh.
> if you have any sense, you disable password authentication in ssh
Yes, of course. Those are standard practice... for those who "care" and have any "sense".
You would be appalled at how many admins DO NOT do/have either of those things.
Telnet on a consumer facing internet connection. Idiots.
Nexus is not your average Cisco switch
... That being said... ive seen some really stupid things done in networks....
But if you have any sense also, you would not allow anyone to use “password” as the password to any login, yet year after year so many people continue to do so time and time again.
Rather like using the locking combination 1-2-3-4-5 on your luggage, LOL.
This machine is set up to always use TLS wherever possible. I use https: whenever possible.
Have plugin to disable Java scripts unless I allow them. Only have a few that are default allowed.
It has helped. It does cause some issues when logging onto sites with a dozen scripts running. I hate them. Normally avoid the sites.
It certainly made what I show to the web much much smaller.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.