https://www.zdnet.com/article/cisco-all-these-routers-have-the-same-embedded-crypto-keys-so-update-firmware/
By Liam Tung
ZDNet
November 7, 2019
Security researchers have found that the firmware for several Cisco
small-business routers contains numerous security issues.
The problems include hardcoded password hashes as well as static X.509
certificates with the corresponding public-private key pairs and one static
Secure Shell (SSH) host key.
The static keys are embedded in the routers firmware and are used for providing
HTTPS and SSH access to the affected routers. The issue means all devices with
the affected firmware use the same keys.
Cisco admits it was an oversight by its developers, but downplayed the
seriousness of the error because the certificates and keys were never intended
for shipping products.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
