william(at)elan.net wrote:
Actually, and fairly recently, this IS a default password in IOS. New out-of-box 28xx series routers have cisco/cisco installed as the default password with privilege 15 (full access). This is a recent development.
This is hardly only cisco's problem. Most office routers I've dealt with also come with default username/password and on occasions when I dealt with existing installation those passwords have rarely been changed.
True. However I much prefer the old way that Cisco did it. No default passwords on the box at all. But, no remote administration at all until a password was set on the console. Now, there is a default cisco/cisco. Newbie admin creates a new user/pass, tests thinks it's secure, fails to remove the default, game over.
What should really be done (BCP for manufactures ???) is have default password based on unit's serial number. Since most routers provide this information (i.e. its preset on the chip's eprom) I don't understand why its so hard to just create simple function as part of software to use this data if the password is not otherwise set.
The old-school Cisco way works for me. Default is no password if you have physical access, but no remote access. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323