←back to thread

Finding thousands of exposed Ollama instances using Shodan

(blogs.cisco.com)
166 points rldjbpin | 3 comments | 03 Sep 25 08:18 UTC | HN request time: 0.627s | source
Show context
larodi ◴[03 Sep 25 10:21 UTC] No.45114122[source]
I’d expect Cisco to publish an article on thousands of Cisco devices with default passwords still there in the open.

Definitely not credible to speak about ML stuff and of course - Ollama has never been production-ready in the sense iOS (Cisco’s) was.

replies(2): >>45114286 #>>45118156 #
_mlbt ◴[03 Sep 25 10:51 UTC] No.45114286[source]
How is it Cisco’s fault that a lot of network administrators are incompetent and don’t change default passwords?
replies(4): >>45114349 #>>45114967 #>>45115632 #>>45118898 #
msh ◴[03 Sep 25 12:35 UTC] No.45114967[source]
Having default passwords for a product that is designed to be connected to a network that the users are not forced to change is incomprehensible incompetent for any product produced the last 25 years.
replies(1): >>45116791 #
1. _mlbt ◴[03 Sep 25 15:15 UTC] No.45116791[source]
If you need to be forced to change the default password on Cisco products you probably shouldn’t be using them.
replies(2): >>45117390 #>>45117552 #
2. cactusplant7374 ◴[03 Sep 25 16:07 UTC] No.45117390[source]
Not allowing default passwords is for the greater good. Making it harder to install is a feature in this case.
3. lupusreal ◴[03 Sep 25 16:18 UTC] No.45117552[source]
Can't you just flip that and say that if you need there to be a default password, you shouldn't be using a Cisco product? And if nobody using a Cisco product needs a default password, then why does one exist at all?