When Cisco released a patch for several of its security appliances Thursday that eliminated the presence of hard-coded SSH host and private keys, the advisory had a distinct air of familiarity about it. That’s because the company released a patch for the same problem in one of its other major products almost exactly one year ago.
Last July, Cisco warned customers that its Unified Communications Domain Manager contained hard-coded, default SSH keys that were vulnerable to theft by attackers. Once in the hands of an attacker, the key could be used to gain root access to a target device. The UCDM is meant for service providers and large enterprises and is designed to provide integration of communications services within an organization.
“The vulnerability is due to the presence of a default SSH private key, which is stored in an insecure way on the system. An attacker could exploit this vulnerability by obtaining the SSH private key. For example, the attacker might reverse engineer the binary file of the operating system. This will allow the attacker to connect by using the support account to the system without requiring any form of authentication. An exploit could allow the attacker to gain access to the system with the privileges of the root user,” the Cisco advisory from July 2, 2014, says.
That description is nearly identical to the one in the advisory from Thursday regarding default SSH keys in a number of Cisco’s security appliances, including its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances. And in the most recent case, the problem affects a much broader set of Cisco’s products, and ones that are designed specifically for security purposes.
The presence of default credentials and SSH keys is a serious problem, but not, unfortunately, a rare one.
“The Cisco advisory, in particular, covers two such vulnerabilities. One, a default SSH key is listed in the local ‘authorized_keys’ file, which can allow anyone with a copy of the static, universal private key access to the devices in question. Second, there is a static, universal SSH host key, which could allow an attacker to impersonate and decrypt administration traffic to the affected devices,” said Tod Beardsley, security engineering manager at Rapid7.
In fact, the issue has become common enough that Rapid7 is building a repository on GitHub of known bad SSH keys. This kind of problem opens users up to a host of attacks, as Beardsley pointed out, including active man-in-the-middle attacks against administration traffic. And Cisco is far from the only vendor to be affected by this vulnerability.
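The two weaknesses Beardsley describes are both things an operator can check for. A default key in `authorized_keys` shows up as a public key whose fingerprint matches a published list of known bad keys, and a static, universal host key shows up as the same host key fingerprint on many devices. The following Python script is an added example, not code from the article, from Cisco or from Rapid7's repository; the "vendor default" key, the sample `authorized_keys` lines and the `ssh-keyscan`-style host key lines are all constructed for the demo, and the list of known bad fingerprints is a stand-in for the real one a defender would load from Rapid7's repository or their own inventory.

```python
"""Check authorized_keys and host keys for known-bad (vendor default) SSH keys.

Added example, not from the article. All key material below is constructed
for the demo and is not a real vendor key.
"""
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_pubkey_line(key_type: str, raw_key: bytes, comment: str = "") -> str:
    """Encode constructed key bytes as an OpenSSH one-line public key (demo only)."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    line = f"{key_type} {base64.b64encode(blob).decode()}"
    return line + (" " + comment if comment else "")


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH SHA256 fingerprint of a public key line (same scheme as ssh-keygen -lf).

    Works for plain keys, authorized_keys lines with leading options
    (e.g. 'no-pty ssh-ed25519 AAAA...') and ssh-keyscan output ('host ssh-ed25519 AAAA...').
    """
    parts = pubkey_line.split()
    for i, token in enumerate(parts[:-1]):
        if token in KEY_TYPES:
            blob = base64.b64decode(parts[i + 1])
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no recognised public key in line")


def scan_authorized_keys(lines, known_bad):
    """Return (line number, fingerprint, label) for every key found in the known-bad list."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fp = fingerprint(line)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if fp in known_bad:
            findings.append((lineno, fp, known_bad[fp]))
    return findings


def find_shared_host_keys(keyscan_lines):
    """Group ssh-keyscan lines by host key fingerprint; a fingerprint on more than
    one host is the signature of a static, universal host key."""
    by_fp = {}
    for line in keyscan_lines:
        host = line.split()[0]
        by_fp.setdefault(fingerprint(line), []).append(host)
    return {fp: hosts for fp, hosts in by_fp.items() if len(hosts) > 1}


# Constructed "vendor default" key: 32 fixed bytes standing in for a key baked into firmware.
VENDOR_DEFAULT_LINE = build_pubkey_line("ssh-ed25519", bytes(range(32)), "support@vendor-firmware")
# Stand-in for a known-bad fingerprint list (the real one would come from a published repository).
KNOWN_BAD = {fingerprint(VENDOR_DEFAULT_LINE): "vendor default support key (constructed)"}

SAMPLE_AUTHORIZED_KEYS = [  # constructed sample file contents
    "# authorized_keys on an appliance (constructed sample)",
    build_pubkey_line("ssh-ed25519", hashlib.sha256(b"admin-laptop").digest(), "admin@laptop"),
    "no-pty " + VENDOR_DEFAULT_LINE,
]

SAMPLE_KEYSCAN = [  # constructed ssh-keyscan-style output for three appliances
    "appliance-1 " + build_pubkey_line("ssh-ed25519", hashlib.sha256(b"hostkey-shared").digest()),
    "appliance-2 " + build_pubkey_line("ssh-ed25519", hashlib.sha256(b"hostkey-shared").digest()),
    "appliance-3 " + build_pubkey_line("ssh-ed25519", hashlib.sha256(b"hostkey-unique").digest()),
]


if __name__ == "__main__":
    for lineno, fp, label in scan_authorized_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_BAD):
        print(f"authorized_keys line {lineno}: {fp} matches {label}")
    for fp, hosts in find_shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"host key {fp} shared by {', '.join(hosts)}")
```

In practice the `authorized_keys` input would be read from the appliance's filesystem and the host key lines from `ssh-keyscan` run against the fleet; a hit from the first check means the device accepts a private key someone else also holds, and a hit from the second means the host key cannot prove which device an administrator is talking to.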
In 2013, researchers discovered that firmware in emergency alert systems shipped by two manufacturers contained a compromised private root SSH key. The Digital Alert Systems’ DASDEC and Monroe Electronics One-Net E189 EAS devices are used as part of the national Emergency Alert System, which broadcasts information over TV and radio during emergencies.
“These DASDEC application servers are currently shipped with their root privileged SSH key as part of the firmware update package. This key allows an attacker to remotely log on over the Internet and manipulate any system function,” Mike Davis, principal research scientist at IOActive, who discovered the issue, said in a statement at the time. “For example, they could disrupt a station’s ability to transmit and could disseminate false emergency information.”