Whoops! Cisco changed its default admin password (to ‘Cisco1234’)

Graham Cluley

There’s an amusing story by Simon Sharwood in The Register today.

Apparently, when Cisco shipped its Unified Computing System (UCS) boxes between November 17, 2015 and January 6, 2016, it made a configuration error.

You see, when you try to set them up you won’t be able to access them with the default admin password of – wait for it – “password”. Instead, for reasons best known to Cisco, they changed the default password to the marginally less insecure (but not documented) “Cisco1234”.


So, no. If you’re a sysadmin who is trying to log into your new Cisco kit’s Cisco Integrated Management Controller (CIMC), and are banging your head against the wall because the default password isn’t working, for once it’s not a case of RTFM.


It should go without saying that as soon as you gain access to your shiny new Cisco box you should reset the password. But not to “password”. Obviously. If you stick with the default password that a product ships with, you’re just asking for trouble.

More details about the issue are given in an advisory that Cisco published yesterday.


3 comments on “Whoops! Cisco changed its default admin password (to ‘Cisco1234’)”

  1. Raul

    Actually, the cisco1234 is the one used in the labs for the CCNA (and old CCNP) certificates (once the practices for hardening begin to take place). So, it seems someone from Cisco had been having nightmares with that password.

  2. Tom

    Priceless!! All coming from the "security company" that, instead of joining standards like IF-MAP, decided after sitting in for a while (to gather what it could) to go make their own proprietary one (as usual)

    1. coyote · in reply to Tom

      1. Cisco Systems isn't a security company.
      2. Humans aren't perfect.
      3. Humans make mistakes. See point 2.
      4. Even those with the best intentions can go afoul. See points 2 and 3.
      5. As Raul points out, there is some history with this password.

      You also demonstrate some of these points. No, I'm not criticising you but merely pointing out that this is an honest mistake and that is something we all do (anyone claiming otherwise isn't being honest to themselves and by extension to anyone else).
