May 20 2005
Default Passwords
CHANGE YOUR DEFAULT PASSWORDS!
I can’t say it enough. You should never leave a default password on any device attached to your network. Changing the default password should be part of the setup of any network device. If the vendors were at all security conscious, this would be a part of the configuration wizards they are so thoughtfully including with their network devices.
Several years ago I detected an attack against my network, and tracking it back, I saw it was originating from a server in Taiwan. A quick scan of the server revealed that it was an HP box running their remote server configuration software. A 3-second Google search found the default password, which was still in use. I did something I wouldn’t do today, which was to change the password and shut down the machine, after sending the new password to the web site administrator. Given that the site only had about 5 words in English on it, I’m not sure he was going to be able to read my email, but it did stop the attacks from the compromised machine.
That being said, here are a few links to lists of default passwords. You can find these links and many more by searching for ‘default password’ on Google.
- CIRT.net Default Passwords
- GovernmentSecurity.org Default Logins and Passwords
- Virus.org Default Password Database
Bad passwords bypass great security every time…
In a lot of cases, companies have spent tons of money and built all kinds of wonderful security mechanisms into their networks and servers. In the end, it all means nothing because the administrator has a password like: password or administrator or…