Feeds

Cisco portal password security compromised

Precautionary reset fails to run smoothly

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

A security breach involving Cisco's customer portal has forced the giant to reset passwords as a precaution. As a result, users visiting Cisco Connection Online on Wednesday were obliged to reauthenticate themselves.

In a statement Cisco said: "It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users. As a result, to protect our users, we’re taking the proactive step of resetting Cisco.com passwords. Needless to say we’re investigating the incident which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."

Users are been advised to email an automated service to get their passwords reset but some Reg readers who notified us about the issue report snags in re-establishing a valid log-in. One network reseller, reports the fallout from the security breach is causing significant inconvenience.

"All CCO login ID's have had their passwords reset and email addresses etc. have been removed from the accounts. This means everyone with a Cisco login has to re-register. So now everyone who's had a CCO login should start changing all their passwords as whoever compromised Cisco's system could potentially have the password for corporate email systems, VPN's, home passwords etc," he said.

Another Reg reader adds that Cisco's own workers have also been put out. "The password database for this facility for all of Europe, including Cisco employees has been compromised. The net result is that no one across Europe certainly, is able to log in."

News of the security flap comes a week after Cisco controversially slapped a restraining order on a security researcher who gave a talk on security weaknesses with the networking giant's core IOS software at the Black Hat conference in Las Vegas. Michael Lynn quit his job at security tools vendor ISS in order to give a presentation about how it might be possible to remotely compromise Cisco routers and run malign code. Cisco said that Lynn had failed to follow approved industry practices in disclosing security vulnerabilities. It also took issue with Lynn's "irresponsible public disclosure of illegally obtained proprietary information".

Cisco's handling of the incident has irked segments of the digital underground though it would be speculative in the absence of any evidence beyond timing to suggest this had anything to do with Wednesday's portal password flap. ®

Bootnote

Thanks to all the Reg readers who alerted us to Cisco's little snafu.

Related stories

Exploit writers team up to target Cisco routers
Cisco details Black Hat vuln fix
Settlement reached in Cisco flaw dispute
Cisco, ISS file suit against rogue researcher

Beginner's guide to SSL certificates

More from The Register

next story
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Cray-cray Met Office spaffs £97m on VERY AVERAGE HPC box
Only 250th most powerful in the world? Bring back Michael Fish
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
IBM, backing away from hardware? NEVER!
Don't be so sure, so-surers
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.