Cisco Management App Accounts Impacted by New Password Changing Vulnerability

Cisco issued an alert this Wednesday warning all Smart Software Manager users about a new vulnerability that could allow hackers to change people's account passwords remotely.

According to the tech firm, unauthorized third-party actors could gain access to people's accounts, including administrative accounts, simply by changing their passwords.


Cisco claimed the exploit was made possible by an "improper implementation" of its password-change process, which allows hackers to abuse it by "sending crafted HTTP requests to an affected device."

The vulnerability has been spotted in the On-Prem accounts, which often manage multiple licenses for all Cisco tools. The company did not disclose the exact number of users impacted by the vulnerability.

Cisco has already issued a new update to patch the vulnerability and advises customers to install the fix immediately.

How to Fix Cisco Password Vulnerability?

The issued patch can be downloaded from the platform's free software update systems. Customers with service contracts can receive the vulnerability fix from their "usual update channels."

Customers are advised to assess the issued update carefully to verify it came from the official Cisco service providers.

Users can also safely uninstall the system and later re-install it to clear all vulnerabilities with the new version downloaded.

Passwords Become More Vulnerable to Exploits

The vulnerability in Cisco's systems is one of a growing number of signs that password security systems on the modern internet are aging as data exploits become more sophisticated and aggressive.

A recent data leak even exposed over 10 billion unique passwords collected from several data breaches and cyberattacks since 2009.

Due to this high risk of cyberattacks, many tech firms have since started shifting to passwordless systems, with several efforts bringing the same safety guardrails to their customers.

Passwordless systems, which often use biometrics and hardware tokens, are much more difficult to steal compared to passwords stored in data systems.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
