http://www.nwfusion.com/news/2004/1215ciscosecurity.html

[Can I get a collective DUH?!? - WK]

By Phil Hochmuth
Network World Fusion
12/15/04

Cisco this week warned that default passwords on some of its unified messaging and attack-detection products could allow unauthorized users to gain administrative access to the respective devices.

Certain versions of Cisco's Unity unified messaging server and its Cisco Guard and Traffic Anomaly Detector products ship with common administrative account logons and passwords for each respective product. Unauthorized users with these accounts and passwords could gain administrative access to the products, allowing them to change settings and configurations, or divert traffic on the respective devices.

Unity is a server software product that integrates IP-based voicemail with Microsoft Exchange and Lotus Notes e-mail servers. When deployed with Microsoft Exchange, the software ships with several default user name/password combinations that would give someone administrative access. These accounts include the following names, followed by an underscore "_" and the server's name:

* Eadmin
* UNITY_
* UAMIS_
* UOMNI_
* UVPIM_
* Esubsubscriber

Cisco says that someone logging into a Unity server with these accounts could read incoming and outgoing messages on the Unity server, as well as change configurations of how messages are routed. These default account/password combinations are in Unity versions 2, 3, and 4.

Cisco says users should change the default passwords on these default accounts. A software fix is not necessary.

The Cisco Guard and Traffic Anomaly Detector products, introduced this June, are security appliances used to detect potential denial-of-service traffic and divert the traffic to a non-critical network segment where it can be monitored and analyzed. Certain software versions on these appliances ship with a default logon "root" and a password that is the same on all systems.

Someone logging in as "root" on these devices could change configurations on the box, redirect traffic to other network segments, or simply deactivate the device, which would allow DoS attack traffic to enter a network undetected.

Cisco says users should change the default "root" password on the affected appliances. Users can also upgrade to version 3.1 or later of the Cisco Guard and Cisco Traffic Anomaly Detector software, which asks users to choose a "root" password during installation.

More information on each of these security notices can be found here [1] and here [2].

[1] http://www.cisco.com/en/US/products/products_security_advisory09186a008037cd59.shtml#summary
[2] http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0c5.shtml

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/