Passwords Reset on Cisco Careers Portal

Friday, November 11, 2016 @ 04:11 PM gHale


Cisco issued a password reset for users of its Cisco Professional Careers mobile website.

A security researcher discovered a vulnerability and the networking giant went ahead and reset the passwords.

RELATED STORIES
Cisco Fixes Email Security Appliance
Reminder to Cisco: Remove Testing Interface
Analytics through Network Monitoring
Cisco Addresses Cloud Services Holes

If left unchecked it could have exposed “a limited set of job application-related information.”

Cisco said it does not think the exposed information ended up accessed by anyone other than the researcher who discovered the issue.

The issue was the result of an incorrect security setting following system maintenance on a third party website, Cisco said in a blog post.

As soon as the company became aware of the issue, it corrected the setting and prompted the user password reset on the website.

An independent security researcher discovered the hole and a combined investigation in the matter found the incorrect settings were in place twice: From August 2015 to September 2015, and from July 2016 to August 2016.

In the breach notification to users, the company said exposed data included the user name, address, email, phone number, username and password, answers to security questions, education and professional profile, cover letter and resume text, and voluntary information, where available (gender, race, veteran status, and disability).

The company said only the researcher who discovered the bug is believed to have had access to the exposed information, but it did tell users an instance of unexplained, anomalous connection to the server determined it to take precautionary measures.

On November 2, the company decided to alert its users on the matter, prompting them to reset their passwords upon their next login to the mobile Professional Careers website by clicking “Forgot My Password.” On top of that, the company has decided to disable access to the site using security questions.



Leave a Reply

You must be logged in to post a comment.