Cisco Systems is resetting passwords for all registered users of its Cisco.com Web site after discovering a vulnerability in its search engine software that left user passwords exposed, the company said Wednesday.
The passwords are used by Cisco customers, employees and partners who have registered on the Web site to get access to special areas of the site or to receive e-mail alerts, said Cisco spokesman John Noh.
Cisco was made aware of the problem early Monday and corrected it immediately, Noh said. As a precaution, the company is now in the process of sending out new passwords to all registered users of Cisco.com, who will be unable to access password-protected areas until they receive their new passwords, Noh said.
Noh could not say how long it will take to send out all of the new passwords.
The vulnerability could not be exploited to gain access to sensitive information like Cisco's source code, he said. "We do not believe any sensitive data were compromised as a result of this."
Though Cisco uses Google's search engine to power the main search feature on Cisco.com, the problem did not relate to Google's product, Noh said. "It's a vulnerability related to a Cisco search tool. It's part of the Web application."
Noh declined to give further details on the bug, but said it did not relate to any product that Cisco sells. "This isn't a weakness related to a Cisco product or technology," he said.