Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

PeterJames
Head in the Cloud
‎Jan 16 2018 8:36 AM
‎Jan 16 2018 8:36 AM

Fix this Meraki! - Blank 'admin' password allowed for 'my.meraki.com'. ???

Hi Meraki,

Why is this even allowed?

 

If you enable either one of these features, the interface should force you to set an 'admin' password.

 

Crazy.PNG


Thank you,
Peter James

4 Replies 4
BHC_RESORTS
Head in the Cloud
‎Jan 16 2018 8:39 AM
‎Jan 16 2018 8:39 AM

Security should always be your focus - we ALWAYS change defaults. Edit: If you don't set a password, it is the serial number of the device. So not exactly blank, but weak.

BHC Resorts IT Department
Chris_M
Getting noticed
‎Jan 16 2018 10:14 AM
‎Jan 16 2018 10:14 AM

The onus to provide security of the devices falls on you, the administrator. Meraki provides security over what they control, the cloud. So its up to you, to set up the default password for device login when they pull configurations from the cloud. The serial number can be gotten from the dashbord or from the hardware device, thus requiring you to physically secure your device, which is your responsibility, nothing Meraki can do about.

 

However, a reminder for setting password is a good idea.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
0 Kudos
Mr_IT_Guy
A model citizen
‎Jan 17 2018 9:07 AM
‎Jan 17 2018 9:07 AM

Every single network device I've used always comes with a default user name and password. During initial setup, we change this password to something more secure. Setting up the Meraki device username/password is no different than on a HP. If YOU don't change it, there's a default that anyone could use if they know where to look.

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
PeterJames
Head in the Cloud
‎Jan 17 2018 9:36 AM
‎Jan 17 2018 9:36 AM

@Mr_IT_Guy @Chris_M @BHC_RESORTS Thanks all.

This is exactly what I have done and do completely agree! I just don't think it being able to have it blank is a very good design. I've seen this implemented on other systems where you can unlock it to blank for 15-30 minutes.

 

Admittedly I found this on a network I did not setup, which obviously prompted me to check all our networks.


Thank you,
Peter James

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.