[ISN] Default passwords on Cisco messaging,
security products could pose risks, vendor warns
InfoSec News
isn at c4i.org
Thu Dec 16 02:02:25 EST 2004
http://www.nwfusion.com/news/2004/1215ciscosecurity.html
[Can I get a collective DUH?!? - WK]
By Phil Hochmuth
Network World Fusion
12/15/04
Cisco this week warned that default passwords on some of its unified
messaging and attack-detection products could allow unauthorized users
to gain administrative access to the respective devices.
Certain versions of Cisco's Unity unified messaging server and its
Cisco Guard and Traffic Anomaly Detector products ship with common
administrative account logons and passwords for each respective
product. Unauthorized users with these accounts and passwords could
gain administrative access to the products, allowing them to change
settings and configurations, or divert traffic on the respective
devices.
Unity is a server software product that integrates IP-based voicemail
with Microsoft Exchange and Lotus Notes e-mail servers. When deployed
with Microsoft Exchange, the software ships with several default
user name/password combinations that would give someone administrative
access. These accounts include the following names, followed by an
underscore "_" and the server's name:
* Eadmin
* UNITY_
* UAMIS_
* UOMNI_
* UVPIM_
* Esubsubscriber
Cisco says that someone logging into a Unity server with these
accounts could read incoming and outgoing messages on the Unity
server, as well as change configurations of how messages are routed.
These default account/password combinations are in Unity versions 2, 3,
and 4. Cisco says users should change the default passwords on these
default accounts. A software fix is not necessary.
The Cisco Guard and Traffic Anomaly Detector products, introduced this
June, are security appliances used to detect potential
denial-of-service traffic and divert the traffic to a non-critical
network segment where it can be monitored and analyzed. Certain
software versions on these appliances ship with a default logon "root"
and a password that is the same on all systems. Someone logging in as
"root" on these devices could change configurations on the box,
redirect traffic to other network segments, or simply deactivate the
device, which would allow DoS attack traffic to enter a network
undetected.
Cisco says users should change the default "root" password on the
affected appliances. Users can also upgrade to version 3.1 or later of
the Cisco Guard and Cisco Traffic Anomaly Detector software, which
asks users to choose a "root" password during installation.
More information on each of these security notices can be found here
[1] and here [2].
[1] http://www.cisco.com/en/US/products/products_security_advisory09186a008037cd59.shtml#summary
[2] http://www.cisco.com/en/US/products/products_security_advisory09186a008037d0c5.shtml