cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

Highlighted
Head in the Cloud

Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

Hi Meraki,

Why is this even allowed?

 

If you enable either one of these features, the interface should force you to set an 'admin' password.

 

Crazy.PNG


Thank you,
Peter James

4 REPLIES 4
Highlighted
Building a reputation

Re: Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

Security should always be your focus - we ALWAYS change defaults. Edit: If you don't set a password, it is the serial number of the device. So not exactly blank, but weak.

BHC Resorts IT Department
Highlighted
Getting noticed

Re: Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

The onus to provide security of the devices falls on you, the administrator. Meraki provides security over what they control, the cloud. So its up to you, to set up the default password for device login when they pull configurations from the cloud. The serial number can be gotten from the dashbord or from the hardware device, thus requiring you to physically secure your device, which is your responsibility, nothing Meraki can do about.

 

However, a reminder for setting password is a good idea.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
Highlighted
A model citizen

Re: Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

Every single network device I've used always comes with a default user name and password. During initial setup, we change this password to something more secure. Setting up the Meraki device username/password is no different than on a HP. If YOU don't change it, there's a default that anyone could use if they know where to look.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
Highlighted
Head in the Cloud

Re: Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

@Mr_IT_Guy @Chris_M @BHC_RESORTS Thanks all.

This is exactly what I have done and do completely agree! I just don't think it being able to have it blank is a very good design. I've seen this implemented on other systems where you can unlock it to blank for 15-30 minutes.

 

Admittedly I found this on a network I did not setup, which obviously prompted me to check all our networks.


Thank you,
Peter James

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.