Cisco Manages to Ship Servers with the Wrong Default Password for Seven Weeks

Cisco, the biggest supplier of networking equipment in the world, has managed to ship servers for seven entire weeks without noticing that they had a different default password for the admin account.

The company, which normally secures all administrative accounts with the “admin/password” combination, has apparently been delivering 42 server models with the “Cisco1234” admin password instead.

MOXA

Cisco says that this prevented customers from accessing the device’s CIMC (Cisco Integrated Management Controller). Customers complained, and Cisco started an investigation.

The company later identified the rogue default password and corrected the issue, so the password that comes coded into the devices is the same as the one included in their technical manuals.

Cisco says that all of the 42 affected server models produced between November 17, 2015, and January 6, 2016, had this issue. All affected models are embedded at the end of this article.

Since Cisco issued a public advisory for this incident, network admins that have this type of equipment in their network are advised to change this default password to something more secure as soon as possible. [Softpedia]

Digital Substation

(close)