Vulnerability Development: Re: Default passwords using Cisco ConfigMaker

[aidan.okelly () OCEANFREE NET (Aidan O'Kelly)]

Yep, ive seen this happen aswell, using ConfigMaker with a Cisco 1600. I
think it only does it if you configure it over the console port.

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
Runar Jensen
Sent: 05 July 2000 08:29
To: VULN-DEV () SECURITYFOCUS COM
Subject: Default passwords using Cisco ConfigMaker

Regarding the default passwords thread, I seem to remember noticing some
rather annoying
behavior when testing Cisco's ConfigMaker to configure a Cisco router.

I had my own passwords (login/enable) set on a Cisco, and had to supply
these to ConfigMaker
for it to be able to logon to the router. However, when I generated a new
configuration, it still set
the passwords to a predefined default, which I believe was "cmaker" for
both login and enable
(although it may have been for just one of them). I didn't investigate this
any further and ended
up creating the config directly on the router, but I have a feeling this
password may be common
at least on smaller routers with simple setups...

If anyone has a Cisco router available and could verify this, then we could
add that to the default
password lists as well. The software should be available from www.cisco.com.

.../ru