Pair of Cisco Apps Are Open to Attack | eWeek

Pair of Cisco Apps Are Open to Attack

Verfasst von
Dennis Fisher
Dennis Fisher
Apr 8, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Cisco Systems Inc. on Wednesday warned customers that the software application that manages its wireless LAN products and another one used to monitor services in data centers contain unchangeable default passwords, opening them up to compromise by attackers.

The company said both its Wireless LAN Solution Engine and its Hosting Solutions Engine ship with default username and password pairs that are hard-coded into the software and cannot be changed by users. This means that any user who can log into one of the applications will have complete control over whatever devices the application manages.

It also opens up other attack scenarios. For example, an attacker could log into the WLSE and change access rights and permissions for users or set up his own access point on the network and hide it, giving him the ability to listen in on the networks traffic.

Customers use the WLSE to manage all of the devices in Ciscos wireless LAN product line, including access points and stations. The HSE is designed to help monitor services in data centers. Versions 2.0, 2.0.2 and 2.5 of the WLSE are vulnerable, and HSE 1.7, 1.7.1, 1.7.2 and 1.7.3 are affected as well.

Cisco officials said the problem was the result of someone forgetting to change the default username and password, which are used during development, before the products shipped to customers. They noted, however, that the company has not had any reports of customers being attacked as a result of this vulnerability.

A company official could not say why each of the vulnerable products went through several releases before the problem was discovered.

Cisco, based in San Jose, Calif., released patches that fix this vulnerability. There is no workaround for this issue.

Editors Note: This story was updated to include further information from the company.

/zimages/5/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.