[ISN] Default passwords on Cisco messaging,
security products could pose risks, vendor warns
isn at c4i.org
Thu Dec 16 02:02:25 EST 2004
[Can I get a collective DUH?!? - WK]
By Phil Hochmuth
Network World Fusion
Cisco this week warned that default passwords on some of its unified
messaging and attack-detection products could allow unauthorized users
to gain administrative access to the respective devices.
Certain versions of Cisco's Unity unified messaging server and its
Cisco Guard and Traffic Anomaly Detector products ship with common
administrative account logons and passwords for each respective
product. Unauthorized uses with these accounts and passwords could
gain administrative access to the products, allowing them to change
settings, and configurations or divert traffic on the respective
Unity is a server software product that integrates IP-based voicemail
with Microsoft Exchange and Lotus Notes e-mail servers. When deployed
with Microsoft Exchange, the software ships with the several default
user name/password combinations that would give someone administrative
access. These accounts include the following names, followed by an
underscore "_" and the server's name:
Cisco says that someone logging into a Unity server with these
accounts could read incoming and outgoing messages on the Unity
server, as well as change configurations of how messages are routed.
These default account/password combinations are Unity versions 2, 3,
and 4. Cisco says users should change the default passwords on these
default accounts. A software fix is not necessary.
The Cisco Guard and Traffic Anomaly Detector products, introduced this
June, are security appliances used to detect potential
denial-of-service traffic and divert the traffic to a non-critical
network segment where it can be monitored and analyzed. Certain
software versions on these appliances ship with default logon "root"
and a password that is the same on all systems. Someone logging in as
"root" on these devices could change configurations on the box,
redirect traffic to other network segments, or simply deactivate the
device, which would allow DoS attack traffic to enter a network
Cisco says users should change the default "root" password on the
affected appliances. Users can also upgrade to version 3.1 or later of
the Cisco Guard and Cisco Traffic Anomaly Detector software, which
asks users to choose a "root" password during installation.
More information on each of these security notices can be found here
 and here .
More information about the ISN