Default Username and Password Vulnerability in Cisco Wireless LAN and Hosting Solution Engines

Reported April 7, 2004 by Cisco Systems.

 

 

VERSIONS AFFECTED

  • The affected software releases for Wireless LAN Solution Engine (WLSE) are 2.0, 2.0.2, and 2.5.

  • The affected software releases for Hosting Solution Engine (HSE) are 1.7, 1.7.1, 1.7.2, and 1.7.3.

DESCRIPTION

 

A default username and password pair exists in all releases of Cisco Systems' WLSE and HSE software. A user who logs in using the default username has complete control of the device. You can't disable this username, and no workaround exists.

 

VENDOR RESPONSE

 

The vendor, Cisco Systems, has issued a bulletin regarding this vulnerability.

 

CREDIT

 

Discovered by Cisco Systems.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish