An anonymous reader quotes a report from ZDNet: Cisco, the world’s leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account. This latest patch marks the seventh time this year that Cisco has removed a backdoor account from one of its products. Five of the seven backdoor accounts were discovered by Cisco’s internal testers, with only CVE-2018-0329 and this month’s CVE-2018-15439 being found by external security researchers. The company has been deliberately and steadily combing the source code of all of its software since December 2015, when it started a large internal audit. Cisco began that process after security researchers found what appeared to be an intentional backdoor in the source code of ScreenOS, the operating system of Juniper, one of Cisco’s competitors.
Juniper suffered major reputational damage following the 2015 revelation, and this may secretly be the reason why Cisco has shied away from using the term “backdoor account” all year for the seven “backdoor account” issues. Instead, Cisco opted for more complex wordings such as “undocumented, static user credentials for the default administrative account,” or “the affected software enables a privileged user account without notifying administrators of the system.” It is true that using such phrasings may make Cisco look disingenuous, but let’s not forget that Cisco has been ferreting out these backdoor accounts mainly on its own, and has been trying to fix them without scaring customers or impacting its own stock price along the way.