Cisco fixes password problem in Wireless Location Appliances
Once again, Cisco has released an update to remove a fixed pre-programmed password from one of its devices. This time its the Wireless Location Appliance software used in Cisco 2700 series Wireless Location Appliances (WLA) that's affected.
Knowledge of the default login information ( admin login is "root", the default password is "password" ) allows an attacker to gain complete control over the system. The manufacturer states in its advisory that the error is present in software versions up to 2.1.34.0. The problem remains even in the updated version if the user fails explicitly to change his or her password after installation. After installing the update, the user is only forced to change the password during initial installation. Existing installations therefore require the user actively to change the password.
- Default Password in Wireless Location Appliance, Cisco security advisory
(ehe)