SAN FRANCISCO- Internet computer gear maker Cisco Systems, which last week went to court to keep a security flaw in its routers under wraps, says its website has been "compromised" and users' passwords changed as a precaution.
Cisco spokeswoman Mojgan Khalili declined to comment on whether any data or passwords of employees, customers and other registered users had been compromised by the vulnerability, which came to Cisco's attention on Tuesday through a third-party security research group.
"Cisco patched the vulnerability and immediately corrected the problem," Khalili said.
It was unclear how long the vulnerability was exposed before the research group discovered it.
Cisco routers direct about 60 per cent of the world's internet traffic, but the website vulnerability is unrelated to the router flaw.
A Cisco website advised customers that "Cisco has determined that Cisco.com password protection has been compromised. As a precautionary measure, Cisco has reset your password ...
"This incident does not appear to be due to a weakness in Cisco products or technologies."
The website vulnerability comes about a week after Cisco drew the ire of many hackers by trying to block a presentation revealing a flaw in its routers.
Security researcher Michael Lynn first described the router flaw and details on how to exploit it last week at the Black Hat security conference in Las Vegas, defying the objections of Cisco and Lynn's former employer, Internet Security Systems.
The two companies won a court order barring Lynn and the Black Hat group from further disseminating details of the router flaw, which could allow the theft of different kinds of data.
Khalili said Cisco was "not aware of any active exploits" of its routers, though that has not stopped hackers from attempting to expose the router flaw.
Some hackers have said in interviews and in blogs that they wanted to illustrate the need for Cisco customers to update their software to defend against malicious attacks.
Security consultant Rick Forno, of the website infowarrior.org said he thought reported attacks on Cisco's website could be a protest over last week's news.
Security expert Joseph Klein, however, said many other companies' websites have the same flaw as Cisco's site and said the flaw was a topic of discussion at the Black Hat conference last week.
"It's just kind of another larger trend, it's just that somebody applied it to Cisco," he said.
Cisco, which is based in San Jose, California, is conducting its own investigation into the website security breach and has notified the US attorney's office in San Jose, California, about the incident.
- REUTERS
Cisco website breach follows routers problem
AdvertisementAdvertise with NZME.
