In association with heise online

13 October 2006, 17:19

Cisco fixes password problem in Wireless Location Appliances

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Once again, Cisco has released an update to remove a fixed pre-programmed password from one of its devices. This time its the Wireless Location Appliance software used in Cisco 2700 series Wireless Location Appliances (WLA) that's affected.

Knowledge of the default login information ( admin login is "root", the default password is "password" ) allows an attacker to gain complete control over the system. The manufacturer states in its advisory that the error is present in software versions up to 2.1.34.0. The problem remains even in the updated version if the user fails explicitly to change his or her password after installation. After installing the update, the user is only forced to change the password during initial installation. Existing installations therefore require the user actively to change the password.

See also:

(ehe)

Print Version | Send by email | Permalink: http://h-online.com/-731643
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit