Saturday, June 11, 2011

Cisco Unified Videoconferencing Default Root Password: RvShos

I just wanted to repost this here. A while ago the guys over at Matta Consulting discovered that the Cisco CUVC-5110-HD10 had hardcoded creds for its management interface:


- Hard-coded credentials - CVE-2010-3038

Three accounts have a login shell and a password the administrator can neither
disable nor change. The affected accounts are "root", "cs" and "develop".
Matta didn't spend the CPU cycles required to get those passwords but will
provide the salted hashes to interested parties. The credentials can be used
against both the FTP and the SSH daemon running on the device.

Well, once I saw that posting, I emailed them asking for the hashes, threw them into john, and forgot about it.

root:$1$6zg2QNQC$tFuy.f7z/jDo/Ek.LNmDh1:12571:0:99999:7:::
cs:$1$2VdEp4KK$cSdr5jM.rXn1r6dpxSW5m0::0:99999:7:::
develop:$1$AY0XLoFu$7PQYVb.c//7kXX3DQY6YH0:14332:0:99999:7:::

Last week we were doing a little maintenance on the system and, to my surprise, we cracked it. I was a bit shocked that it took such a long time: for just a six-character alphanumeric string, it took the admittedly old, single-CPU VM 154 days using the most basic john options.

From the john.log:

154:05:15:37 + Cracked root

Anyway, since then that particular cracking system has been drastically upgraded.

Oh, and in case you missed it in the title, here's that root password:
RvShos
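
For anyone reviewing a device image for the same problem, here is a small audit of the shadow entries quoted above. It is an added example, not part of the original post or of Matta's advisory; the function names and finding strings are the example's own.

```python
from datetime import date, timedelta

# The three entries as published in the post (shadow(5) format).
PUBLISHED = """\
root:$1$6zg2QNQC$tFuy.f7z/jDo/Ek.LNmDh1:12571:0:99999:7:::
cs:$1$2VdEp4KK$cSdr5jM.rXn1r6dpxSW5m0::0:99999:7:::
develop:$1$AY0XLoFu$7PQYVb.c//7kXX3DQY6YH0:14332:0:99999:7:::
"""

# crypt(3) scheme identifiers; "$1$" is the one these entries use.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}

def classify(pw):
    """Return (state, scheme) for the password field of a shadow entry."""
    if pw == "":
        return "empty", None
    if pw[0] in "!*":
        return "locked", None
    if pw.startswith("$"):
        return "usable", SCHEMES.get(pw.split("$")[1], "unknown")
    return "usable", "descrypt" if len(pw) == 13 else "unknown"

def audit(line):
    """Parse one shadow line and list what a reviewer should flag."""
    fields = line.strip().split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw, lastchg = fields[:3]
    state, scheme = classify(pw)
    # Field 3 counts days since 1970-01-01; empty means it was never recorded.
    changed = date(1970, 1, 1) + timedelta(days=int(lastchg)) if lastchg else None
    findings = []
    if state == "empty":
        findings.append("no password required")
    if scheme in WEAK:
        findings.append(f"weak hash scheme: {scheme}")
    if scheme == "unknown":
        findings.append("unrecognised hash format")
    if state == "usable" and changed is None:
        findings.append("last-change date not recorded")
    return {"user": user, "state": state, "scheme": scheme,
            "changed": changed, "findings": findings}

def audit_all(text):
    return [audit(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for r in audit_all(PUBLISHED):
        print(r["user"], r["scheme"], r["changed"], "; ".join(r["findings"]))
```

All three accounts come back as usable md5crypt logins, which matches the advisory's description of accounts with a login shell and a fixed password.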
