1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cisco warns of default SSH keys shipped in three products

Discussion in 'CSO' started by RSS, Jun 26, 2015.

  1. RSS

    RSS New Member Member

    Cisco Systems said Thursday it released a patch for three products that shipped with default encryption keys, posing a risk that an attacker with the keys could decrypt data traffic.

    The products are Cisco's Web Security Virtual Appliance, Email Security Virtual Appliance and Security Management Virtual Appliance, it said in an advisory. Versions downloaded before Thursday are vulnerable.

    Cisco said it "is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."

    Lost in the clouds: Your private data has been indexed by Google

    The three products all shipped with preinstalled encryption keys for SSH (Secure Shell), which is used to remotely log into machines. It's considered a bad security practice to ship products that all have the same private keys.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page