Cisco.com passwords reset after exposure

Cisco  is resetting passwords for all registered users of its Cisco.com Web site after discovering a vulnerability in its search engine software that left user passwords exposed, the company said Wednesday.

The passwords are used by Cisco customers, employees and partners who have registered on the Web site to get access to special areas of the site or to receive e-mail alerts, said Cisco spokesman John Noh.

Cisco was made aware of the problem early Monday and corrected it immediately, Noh said. As a precaution, the company is now in the process of sending out new passwords to all registered users of Cisco.com, who will be unable to access password-protected areas until they receive their new passwords, Noh said.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Cisco  is resetting passwords for all registered users of its Cisco.com Web site after discovering a vulnerability in its search engine software that left user passwords exposed, the company said Wednesday.

The passwords are used by Cisco customers, employees and partners who have registered on the Web site to get access to special areas of the site or to receive e-mail alerts, said Cisco spokesman John Noh.

Cisco was made aware of the problem early Monday and corrected it immediately, Noh said. As a precaution, the company is now in the process of sending out new passwords to all registered users of Cisco.com, who will be unable to access password-protected areas until they receive their new passwords, Noh said.

Noh could not say how long it will take to send out all of the new passwords.

The vulnerability could not be exploited to gain access to sensitive information like Cisco's source code, he said. "We do not believe any sensitive data were compromised as a result of this."

Though Cisco uses Google's search engine to power the main search feature on Cisco.com, the problem did not relate to Google's product, Noh said. "It's a vulnerability related to a Cisco search tool. It's part of the Web application."

Noh declined to give further details on the bug, but said it did not relate to any product that Cisco sells. "This isn't a weakness related to a Cisco product or technology," he said.

The hack, however, could not have come at a worse time.

Cisco and Internet Security Systems two weeks ago tried to halt a presentation by an ISS security researcher at the Black Hat conference on how to seize control of Cisco routers. The presenter, Michael Lynn, gave the presentation anyway after resigning from ISS and despite threats of legal action by Cisco and ISS.

All parties - Lynn, Cisco, ISS and Black Hat - subsequently came to a legal resolution the prohibits Lynn from  disseminating or even discussing his presentation. But copies of it have been circulating on the Internet, followed by cease and desist orders from ISS's legal advisors .

And this week, Cisco is issuing advisories on router vulnerabilities associated with the Black Hat presentation. One such advisory recommends disabling IPv6 on routers running IOS 12.X and two versions of IOS XR because a specially crafted IPv6 packet from a local networks segment can open up the routers to denial-of-service and potentially an arbitrary code execution attack.

"Upon successful exploitation, the device may reload or be open to further exploitation," the advisory states.

Network World's Jim Duffy contributed to this story.

The IDG News Service is a Network World affiliate.