Reply to post: Re: Sloppy...

There's Huawei too many vulns in Chinese giant's firmware: Bug hunters slam pisspoor code

big_D Silver badge

Re: Sloppy...

You see...

"These vulnerabilities manifested in the form of hard-coded, default user accounts and passwords, and several types of embedded cryptographic keys."

That sounds more like it. So why conflate that with "normal" security vulnerabilities?

But given that they allegedly "stole" the code from Cisco and Cisco has spent the last 18 months removing dozens of backdoors from its code, it probably isn't a great surprise. It would be interesting to know if those backdoors use the same credentials as Cisco's code did...

The rest of the report is pretty damning on the quality of the code, so why make yourself look ridiculous and diminish your credibility with the above?

contained one or more default credentials, with 227 having a default password for the root user.

And then they start obfuscating again. Default password? Where is the problem? Hard-coded is a problem; providing a default and making/letting the user change it is something different - and a large telco or data center that doesn't change the default password on a device deserves all the ridicule it can get.
