Interesting article:
http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml

Any of you system admins out there with Cisco hardware should give this a serious read.

Wow.

How dumb is this? You'd think that in this day and age with all of these security fears we've got going around, Cisco of all places, which offers a FREAKING INTERNET SECURITY CERTIFICATION would have thought better than to hard-code a username/password pair into their firmware.

Ah well... at least they released a patch... :rolleyes:

APC has done the same thing too. It is really disturbing that these big companies would include such backdoors. All it takes is one disgruntled employee to cause a lot of havoc. Sure, the developers of the systems would know of bugs, and other exploits as they did create the product, but setting up a straight-forward backdoor is a bit much.

Agreed. One disgruntled employee (bad apple) can spoil the lot. Why would they include it in their hardware? Sounds like leaving the key underneath the doormat if you know what I mean...and then putting up a sign with an arrow that points under the mat and says "key" (pink neon, blink blink, blinkety blink)