Wednesday, August 03, 2005

Cisco Connection Online Compromised?

Thank you to Simon Howard for the tip. He and I were both unable to log into our Cisco Connection Online (CCO) accounts today. We received the warning above when authentication failed. The Register is now reporting Cisco portal password security compromised. The Cisco security page has this information:

"Cisco Systems, Inc. was made aware of a vulnerability of a search tool on Cisco.com that could expose passwords for registered users.

Registered users of Cisco.com consist of employees, customers, partners, and other third-party users.

Cisco has since researched this issue and has taken the necessary steps to correct it.

Cisco is taking precautionary measures to protect our registered Cisco.com users, including resetting registered user passwords."

I wonder if Cisco has suffered a SQL injection breach?

When I sent an email to have my account reset, I got this reply:

"This is an automated reply ONLY to have your CCO p/w changed.

DO NOT reply directly to this email!

Your CCO User ID is - [myuserID],[somethingthatlookslikeatemporarypassword]

Sorry, your attempt to change your p/w on CCO has not been successful.

Reason: Your account may not be active.

1Any further inquiries should be directed to cco-team@cisco.com"

I guessed that the email was wrong, so I used my user ID and the part that looked like a temporary password. I was able to log in and change my password from the Cisco supplied version.

Are we going to see more of this guerilla warfare against Cisco? I imagine so.

Update: Check out the video from Black Hat showing Mike Lynn's presentation being ripped from briefing books. All they need is a bonfire!

No comments: