By Dan Ilett, 3 August 2005 14:05
NEWS
Cisco is advising customers to update passwords for the company's web portal following a security breach reported this morning.
The company has admitted that the compromise could expose customer passwords but gave no further details of the cause of the problem.
In a press statement, Cisco said: "It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users.
"As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords. Needless to say we're investigating the incident which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."
The company also stressed on its website that the incident appears unrelated to flaws in Cisco products.
Security experts, however, are unsure as hackers around the world have been racing to find a vulnerability in Cisco equipment since it was described by security researcher Michael Lynn at the Black Hat conference last week. Cisco and Lynn's former employer, Internet Security Systems, have taken legal action against the researcher following the presentation.
One industry source said: "I think this has the possibility of having a significant impact on corporations and the intellectual property of Cisco."
But others disagree. Michael Maddison, director of enterprise risk services for Deloitte, said: "I think it's more likely to be a vulnerability in web applications than Cisco equipment. That's my opinion - we see vulnerabilities in web pages all the time."
Comments
There is 1 comment. Join the discussion
1. Todd Towles
This is nothing more than a common web injection attack. This has nothing to do with ISO problems. There are enough problems with that going around. The cisco website also sends the CCO password in clear text across the network...
Normal bad web programming.