CERT and Cisco have issued a warning about a vulnerability in the Cisco IOS starting at version 11.3 and affecting all later versions. If your Cisco equipment is HTTP enabled and you're not using TACACS+ or RADIUS for authentication it is vulnerable to complete takeover. The hack is very simple. Please read the Cisco warning and/or the CERT advisory for further information. The warnings were released yesterday. Happy Hacker Stopping. Larry Diffey
On Fri, 29 Jun 2001, Larry Diffey wrote:
CERT and Cisco have issued a warning about a vulnerability in the Cisco IOS starting at version 11.3 and affecting all later versions.
If your Cisco equipment is HTTP enabled and you're not using TACACS+ or RADIUS for authentication it is vulnerable to complete takeover. The hack is very simple.
Yeah, well who enables httpd on their Ciscos, anyway? Wait a sec, the Catalysts have this enabled by default... James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================
Now, if we could just stop people from posting to email lists using HTML and/or RTF-formatted mail . . . Larry Diffey wrote:
CERT and Cisco have issued a warning about a vulnerability in the Cisco IOS starting at version 11.3 and affecting all later versions.
If your Cisco equipment is HTTP enabled and you're not using TACACS+ or RADIUS for authentication it is vulnerable to complete takeover. The hack is very simple.
Please read the Cisco warning and/or the CERT advisory for further information.
The warnings were released yesterday.
Happy Hacker Stopping.
Larry Diffey
-- ------------------------------------------------------------ Roland Dobbins <rdobbins@netmore.net> // 408.859.4137 voice
participants (3)
-
Larry Diffey
-
Roland Dobbins
-
up@3.am