Default Credential Vulnerability
   HOME

TheInfoList



Click Here for Items Related To - Default Credential Vulnerability
OR:
Default Credential Vulnerability on:   [Wikipedia]   [Google]   [Amazon]

A Default Credential vulnerability is a type of vulnerability in a computing device that most commonly affects devices having some pre-set (default) administrative credentials to access all configuration settings. The vendor or manufacturer of such devices uses a single pre-defined set of admin credentials to access the device configurations, and any potential hacker can misuse this fact to hack such devices, if those credentials are not changed by consumers.


Examples

There are several Proof-of-Concept (POC), as well as real world worms running across internet, which are configured to search for systems set with a default username and password. Voyager Alpha Force,
Zotob "The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as American Broadcasting Company, ABC, CNN, The Associated Press, ''The New York Times'', and Caterpillar Inc." — ''B ...
, and MySpooler are a few examples of POC malware which scan the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
for specific devices, and try to login using the default credentials. In the real world, many forms of malware, such as Mirai, have used this vulnerability. Once devices have been compromised by exploiting the Default Credential vulnerability, they can themselves be used for various harmful purposes, such as carrying out
Distributed Denial of Service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conne ...
(DDoS) attacks. In one particular incident, a hacker was able to gain access and control of a large number of networks including those of
University of Maryland, Baltimore County The University of Maryland, Baltimore County (UMBC) is a public research university in Baltimore County, Maryland. It has a fall 2022 enrollment of 13,991 students, 61 undergraduate majors, over 92 graduate programs (38 master, 25 doctoral, ...
, Imagination, Capital Market Strategies L, by leveraging the fact that they were using the default credentials for their NetGear switch.


References

{{reflist, 33em


See also

*
Attack (computing) A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted ...
*
Threat (computer) In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative "intentional" event (i.e. hacking: ...
Web security exploits