from Hacker News

Secret backdoor found in networking gear perfect for government espionage

by kushti on 5/3/19, 11:40 AM with 2 comments

  • by theamk on 5/3/19, 12:56 PM

    > .. allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

    > The vulnerability is due to the presence of a default SSH key pair that is present in all devices.

    That's quite a bug -- I expected to see obscure exploit deep in the networking code which masterfully bypasses all code hardening, but found a default credentials instead. This is the kind of mistake that a random IoT company would do, I would not expect this from Cisco.

  • by java-man on 5/3/19, 2:02 PM

    I don't understand how this could happen in 2019. There were multiple people involved who coded, reviewed, tested the code, signed off on the release.

    The other possible explanation is that it's intentional.