Feeds

Cisco portal password security compromised

Precautionary reset fails to run smoothly

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A security breach involving Cisco's customer portal has forced the giant to reset passwords as a precaution. As a result, users visiting Cisco Connection Online on Wednesday were obliged to reauthenticate themselves.

In a statement Cisco said: "It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users. As a result, to protect our users, we’re taking the proactive step of resetting Cisco.com passwords. Needless to say we’re investigating the incident which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."

Users are been advised to email an automated service to get their passwords reset but some Reg readers who notified us about the issue report snags in re-establishing a valid log-in. One network reseller, reports the fallout from the security breach is causing significant inconvenience.

"All CCO login ID's have had their passwords reset and email addresses etc. have been removed from the accounts. This means everyone with a Cisco login has to re-register. So now everyone who's had a CCO login should start changing all their passwords as whoever compromised Cisco's system could potentially have the password for corporate email systems, VPN's, home passwords etc," he said.

Another Reg reader adds that Cisco's own workers have also been put out. "The password database for this facility for all of Europe, including Cisco employees has been compromised. The net result is that no one across Europe certainly, is able to log in."

News of the security flap comes a week after Cisco controversially slapped a restraining order on a security researcher who gave a talk on security weaknesses with the networking giant's core IOS software at the Black Hat conference in Las Vegas. Michael Lynn quit his job at security tools vendor ISS in order to give a presentation about how it might be possible to remotely compromise Cisco routers and run malign code. Cisco said that Lynn had failed to follow approved industry practices in disclosing security vulnerabilities. It also took issue with Lynn's "irresponsible public disclosure of illegally obtained proprietary information".

Cisco's handling of the incident has irked segments of the digital underground though it would be speculative in the absence of any evidence beyond timing to suggest this had anything to do with Wednesday's portal password flap. ®

Bootnote

Thanks to all the Reg readers who alerted us to Cisco's little snafu.

Related stories

Exploit writers team up to target Cisco routers
Cisco details Black Hat vuln fix
Settlement reached in Cisco flaw dispute
Cisco, ISS file suit against rogue researcher

Internet Security Threat Report 2014

More from The Register

next story
Docker's app containers are coming to Windows Server, says Microsoft
MS chases app deployment speeds already enjoyed by Linux devs
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
SDI wars: WTF is software defined infrastructure?
This time we play for ALL the marbles
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
Oracle hires former SAP exec for cloudy push
'We know Larry said cloud was gibberish, and insane, and idiotic, but...'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.