Cisco CVE-2019-1804 Some switches in Cisco’s 9000 series are susceptible to a remote vulnerability. It’s a bit odd to call it a vulnerability, actually, because the software is operating as intended. Cisco shipped out these switches with the same private key hardcoded in software for all root SSH logins. Anyone with the key can log in as root on any of these switches.
Cisco makes a strange claim in their advisory, that this is only exploitable over IPv6. This seems very odd, as there is nothing about SSH or the key authentication process that is IPv6 specific. This suggests that there is possibly another blunder, that they accidentally left the SSH port open to the world on IPv6. Another possibility is that they are assuming that all these switches are safely behind NAT routers, and therefore inaccessible through IPv4. One of the advantages/disadvantages of IPv6 is that there is no NAT, and all the network devices are accessible from the outside network. (Accessible in the sense that a route exists. Firewalling is still possible, of course.)
It’s staggering how many devices, even high end commercial devices, are shipped with unintentional yet effective backdoors, just like this one.
Git Repository Ransomware
In a first, ransomware has been targeted at Git repositories. Hundreds of repositories across GitHub, Gitlab, and other services have been replaced with a ransom note, demanding 0.1 bitcoin for recovery. Interestingly, the ransom note threatens to make the code public. This is a problem that open source definitely solves.
How did someone break into so many accounts at once? ..