Hard-coded credentials strike again
Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account. The vulnerability, designated CVE-2023-20101, arises from the fact that the root account has default, static credentials that cannot be changed or deleted. Yet again, security through obscurity proves insufficiently obscure. "This vulnerability is due to the presence of static user credentials fo...