Cisco warns customers that the software application that manages its wireless LAN products and another one used to monitor services in data centers contain unchangeable default passwords, opening them up to compromise by attackers.Cisco Systems Inc. on Wednesday warned customers that the software application that manages its wireless LAN products and another one used to monitor services in data centers contain unchangeable default passwords, opening them up to compromise by attackers.
The company said both its Wireless LAN Solution Engine and its Hosting Solutions Engine ship with default username and password pairs that are hard-coded into the software and cannot be changed by users. This means that any user who can log into one of the applications will have complete control over whatever devices the application manages.
It also opens up other attack scenarios. For example, an attacker could log into the WLSE and change access rights and permissions for users or set up his own access point on the network and hide it, giving him the ability to listen in on the network's traffic.
Customers use the WLSE to manage all of the devices in Cisco's wireless LAN product line, including access points and stations. The HSE is designed to help monitor services in data centers. Versions 2.0, 2.0.2 and 2.5 of the WLSE are vulnerable, and HSE 1.7, 1.7.1, 1.7.2 and 1.7.3 are affected as well.
Click here for the full story.
Channel News and Analysis 
