Sigh. Cisco security kit has Java deserialisation bug and a default password SNAFU

Cisco's security developers have served up a parcel of patches. First up, there's a gem in Switchzilla's Secure Access Control System. The ACS (which ceased sale in August 2017) is a hardware-based login gatekeeper, and it's got a remotely-pwnable Java deserialisation bug. Cisco's notice for CVE-2018-0147 says an attacker …

  1. Lazy Jack

    In 2018?

    It's 2018 and there are companies that still produce stuff with hardcoded password backdoors (and SQL injection, and buffer overflows, etc.). Can't we just take the executives to forced labor, dissolve the company and donate its assets to animal shelters?

    I don't know what else would help.

    1. Not That Andrew

      Re: In 2018?

      In theory a good idea, but I don't think animal shelters have the knowledge or resources to provide support for the companies' products. And most Cisco customers will be needing extended support.

      Maybe sell the assets & donate the proceeds to animal shelters?

    2. Outer mongolian custard monster from outer space (honest)

      Re: In 2018?

      But Jack, in 2018 it's preposterous to imagine a professional vendor doing this* and you must be an idiot to suggest otherwise.

      *Source: some middle managers pretending to be technical on El Reg's forums.

  2. Aodhhan 2018

    When pen testing and doing code review, you'll occasionally run across hard-coded passwords. They are usually left there from testing, weren't documented, and therefore weren't removed.

    Still, you bring up a good point about this happening in recent years. Because of the availability of development environment OWASP plugins along with much improved (over the past 5-10 years) static code checking software, we shouldn't see something like this from a large company like Cisco.
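The kind of check Aodhhan's comment describes, a static scan for credential-looking string literals left in source, is easy to sketch. The scanner below is an added example written for this page; it is not code from the article, from the commenter, or from any Cisco product, and the identifier list, the regexes and the sample source it scans are all constructed for the demo. It flags assignments and equality comparisons where a secret-named identifier meets a quoted literal, skips obvious placeholders (empty strings, `${VAR}`, `{{ var }}`, `<PLACEHOLDER>`), and masks the value in its report so the finding itself does not leak the secret:

```python
"""Minimal hard-coded credential scanner (added example, not from the original page)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Identifier fragments that usually hold secrets. Hypothetical list chosen for
# the demo; searched without word boundaries so "adminPass" still matches.
SECRET_NAMES = re.compile(
    r"pass(word|wd)?|pwd|secret|api[_-]?key|token|private[_-]?key",
    re.IGNORECASE,
)

# name = "literal"   /   name := 'literal'   /   name: "literal" (YAML/JSON style)
ASSIGNMENT = re.compile(
    r"(?P<name>[A-Za-z_][A-Za-z0-9_.]*)\s*(?:=|:=|:)\s*"
    r"(?P<quote>['\"])(?P<value>.*?)(?P=quote)"
)

# name == "literal"   /   name.equals("literal")   (the classic backdoor check)
COMPARISON = re.compile(
    r"(?P<name>[A-Za-z_][A-Za-z0-9_.]*)\s*(?:==|\.equals\()\s*"
    r"(?P<quote>['\"])(?P<value>.*?)(?P=quote)"
)


@dataclass
class Finding:
    line: int
    kind: str     # "assignment" or "comparison"
    name: str     # identifier that received / was compared with the literal
    masked: str   # literal with all but the first two characters masked


def is_placeholder(value: str) -> bool:
    """True for values that are clearly templating or empty, not real secrets."""
    v = value.strip()
    return (
        v == ""
        or v.startswith("${")
        or v.startswith("{{")
        or (v.startswith("<") and v.endswith(">"))
    )


def mask(value: str) -> str:
    """Keep two characters for triage, hide the rest."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan(source: str) -> list[Finding]:
    """Return one Finding per secret-named identifier bound or compared to a literal."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in (("assignment", ASSIGNMENT), ("comparison", COMPARISON)):
            for m in pattern.finditer(line):
                name, value = m.group("name"), m.group("value")
                if not SECRET_NAMES.search(name) or is_placeholder(value):
                    continue
                findings.append(Finding(lineno, kind, name, mask(value)))
    return findings


# Constructed sample input mixing Python, Java and YAML-ish lines. Not from any
# real product; written to exercise the hit, placeholder and miss cases.
SAMPLE = """\
# constructed sample, not from any Cisco product
DB_HOST = "db.internal"
db_password = "s3cr3t-Pa55"
api_key = ""
token = "${API_TOKEN}"
if pwd == "admin":
    grant()
private String adminPass = "Cisco123";
if (input.equals("cisco")) { }  // miss: identifier is not secret-named
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.kind} of literal to '{f.name}' -> {f.masked}")
```

Running it against `SAMPLE` reports lines 3, 6 and 8 and stays quiet on the empty and templated values. The last sample line is the caveat a reviewer should keep in mind: a comparison such as `input.equals("cisco")` is exactly the shape of a login backdoor, but because the identifier is not secret-named this pattern-based check misses it, which is why static tooling is a starting point for the code review the comment describes rather than a replacement for it.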

