"released January, 2019"
Good grief! This would have been considered a fundamental flaw in 1989, but in 2019??
Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account. The vulnerability, designated CVE-2023-20101, arises from the fact that the root account has default, static credentials that …
What's the problem with hard-coded credentials? Someone leaves the business. Still got a way in. Someone forgets the password. Still got a way in. It's a win all round. Sure there may be some naysayers about other people that can get these credentials but isn't it worth the risk for the peace of mind that you will always have a way in? I sometimes leave the keys in my front door on the way out in case I lose them. Never lost my keys that way.
You can still do that as there are many devices that still don't force you to change it the first time you use it. It's like moving into a new house and not changing the locks. I remember those halcyon days; however, I was a good person and never used it to harm anyone. I say that, but I did change an open Wi-Fi network name in a bar to "big floppy donkey dick". I was a little drunk and thought it quite funny. I was tempted to lock it but decided against it even in my inebriated state.
Did I really need a sarcasm tag, good person?
After their enterprise stuff had at least 5 backdoors, after EAL certification, I assumed CISCO would never never do that again, ever. Boy I was wrong. Now we need to suspect ladder attacks are built in. I pity Apple, as some of the Nxx ladder stuff has been brilliant. The right question to ask CISCO - is HOW did this get past their redoubled QA?
"After their enterprise stuff had at least 5 backdoors"
And about a dozen plus more no one has discovered. Yet.
"HOW did this get past their redoubled QA?"
Cisco no longer has the ability to publish technical documents and release notes that make sense, QA codes would be an even bigger hurdle.